CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-5485

NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.539

EPSS Ranking 97.9%

CVSS Severity

CVSS v3 Score 10.0

CVSS v2 Score 10.0

References

http://packetstormsecurity.com/files/154598/NPMJS-gitlabhook-0.0.17-Remote-Command-Execution.html
https://hackerone.com/reports/685447
http://packetstormsecurity.com/files/154598/NPMJS-gitlabhook-0.0.17-Remote-Command-Execution.html
https://hackerone.com/reports/685447

Products affected by CVE-2019-5485

Gitlabhook Project » Gitlabhook » Version: 0.0.17

cpe:2.3:a:gitlabhook_project:gitlabhook:0.0.17

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-5485

Products

Pricing

Contact Us