GMS-2020-2

ADVISORY - gitlab

Summary

Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true which makes execa search for locally installed binaries and executes them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.

Common Weakness Enumeration (CWE)

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

GitLab

CREATED

4 years ago

UPDATED

4 years ago

ADVISORY ID

GMS-2020-2

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-937⁠

CVSS SCORE

9.8critical