Description
All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.
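The pattern described above, shown beside a hardened form. This is an added example, not gitlogplus source code: the function names and the option fields (`number`, `author`, `branch`) are hypothetical, and the sample input is constructed.

```javascript
const { execFile } = require("node:child_process");

// Constructed sample input: option values containing a shell metacharacter.
const CONSTRUCTED_OPTIONS = { number: 5, author: "a; b", branch: "main; echo INJECTED" };

// Vulnerable pattern: option attributes are appended to one command string.
// Once that string reaches child_process.exec(), a shell parses it, so
// metacharacters inside a value stop being data.
function buildCommandUnsafe(options) {
  let cmd = "git log";
  if (options.number !== undefined) cmd += " -n " + options.number;
  if (options.author !== undefined) cmd += " --author=" + options.author;
  if (options.branch !== undefined) cmd += " " + options.branch;
  return cmd;
}

// Ref names must start with an alphanumeric character, so a value can
// neither carry shell syntax nor be read by git as an option ("-...").
const SAFE_REF = /^[A-Za-z0-9][A-Za-z0-9._\/-]*$/;

// Hardened form: validate each value and return an argv array. Each element
// reaches git as exactly one argument; no shell ever sees it.
function buildArgsSafe(options) {
  const args = ["log"];
  if (options.number !== undefined) {
    const n = Number(options.number);
    if (!Number.isInteger(n) || n < 1) throw new TypeError("number must be a positive integer");
    args.push("-n", String(n));
  }
  if (options.author !== undefined) {
    if (typeof options.author !== "string") throw new TypeError("author must be a string");
    args.push("--author=" + options.author);
  }
  if (options.branch !== undefined) {
    if (typeof options.branch !== "string" || !SAFE_REF.test(options.branch)) {
      throw new TypeError("branch is not a valid ref name");
    }
    args.push(options.branch);
  }
  args.push("--"); // nothing after this point is parsed as a revision or option
  return args;
}

// execFile starts git directly (shell: false is the default, stated here for clarity).
function gitLogSafe(repoDir, options, callback) {
  return execFile("git", buildArgsSafe(options), { cwd: repoDir, shell: false }, callback);
}
```

With `CONSTRUCTED_OPTIONS`, `buildCommandUnsafe` returns a string in which the `;` is still live shell syntax, while `buildArgsSafe` rejects the branch value and keeps the author value as a single argument.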
Remediation
References
https://hackerone.com/reports/808942
https://snyk.io/vuln/SNYK-JS-GITLOGPLUS-1315832
https://www.npmjs.com/package/gitlogplus