Description
All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.
Remediation
References
https://hackerone.com/reports/808942
https://snyk.io/vuln/SNYK-JS-GITLOGPLUS-1315832
https://www.npmjs.com/package/gitlogplus
Related Vulnerabilities
CVE-2022-23708 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2022-25760 Vulnerability in npm package accesslog
CVE-2021-3749 Vulnerability in npm package axios
CVE-2021-23784 Vulnerability in npm package tempura
CVE-2021-3503 Vulnerability in maven package org.wildfly:wildfly-metrics