What the vulnerability does

01Description

NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.

Key dates

02Disclosure timeline

September 13, 2019 CVE published
August 4, 2024 Record updated