Description
All versions of the gitlogplus package are vulnerable to command injection via its main functionality, because attributes of the options argument are appended to the command to be executed without sanitization.
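The pattern described above, next to a hardened form, as an added example (not gitlogplus's code and not part of the advisory). The option names `number`, `author` and `file`, the function names and the sample values are hypothetical.

```javascript
// Hypothetical option names (number, author, file); not gitlogplus's real API.

// Pattern the advisory describes: option values appended to a shell command string.
function buildShellCommandUnsafe(options) {
  let cmd = "git log";
  if (options.number !== undefined) cmd += " -n " + options.number;
  if (options.author !== undefined) cmd += " --author=" + options.author;
  if (options.file !== undefined) cmd += " -- " + options.file;
  return cmd; // a string like this is parsed by the shell when passed to exec()
}

function requireCleanString(name, value) {
  if (typeof value !== "string" || value.includes("\0")) {
    throw new TypeError(name + " must be a string without NUL bytes");
  }
  return value;
}

// Hardened form: validate each value and return an argv array, never a string.
function buildGitLogArgs(options) {
  const args = ["log"];
  if (options.number !== undefined) {
    const n = Number(options.number);
    if (!Number.isInteger(n) || n < 1 || n > 10000) {
      throw new TypeError("number must be an integer between 1 and 10000");
    }
    args.push("-n", String(n));
  }
  if (options.author !== undefined) {
    // "--author=<value>" keeps the value attached to its flag, so a leading
    // "-" in the value cannot be read by git as a separate option.
    args.push("--author=" + requireCleanString("author", options.author));
  }
  if (options.file !== undefined) {
    // Everything after "--" is treated by git as a path, never as an option.
    args.push("--", requireCleanString("file", options.file));
  }
  return args;
}

// argv is handed to git directly; no shell is spawned, so ";" has no meaning.
function runGitLog(options, cwd) {
  const { execFileSync } = require("node:child_process");
  return execFileSync("git", buildGitLogArgs(options), { cwd, encoding: "utf8" });
}

// Constructed sample input carrying shell metacharacters.
const SAMPLE_OPTIONS = { number: "1; echo INJECTED", author: "alice; id", file: "-p" };
```

Avoiding the shell removes the command injection, but option values can still be misread as git options, which is why the builder also validates `number` and places paths after `--`.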
Remediation
References
https://hackerone.com/reports/808942
https://snyk.io/vuln/SNYK-JS-GITLOGPLUS-1315832
https://www.npmjs.com/package/gitlogplus
Related Vulnerabilities
CVE-2023-50709 Vulnerability in npm package @cubejs-backend/api-gateway
CVE-2019-10776 Vulnerability in npm package git-diff-apply
CVE-2023-26111 Vulnerability in npm package node-static
CVE-2021-23419 Vulnerability in npm package open-graph
CVE-2022-25873 Vulnerability in maven package org.webjars.npm:vuetify