GMS-2020-2
ADVISORY - gitlabSummary
Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true
which makes execa search for locally installed binaries and executes them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in