2019-09-13 17:30:53
hackerone
PUBLISHED
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.