Description
All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.
Remediation
References
https://hackerone.com/reports/808942
https://snyk.io/vuln/SNYK-JS-GITLOGPLUS-1315832
https://www.npmjs.com/package/gitlogplus
Related Vulnerabilities
CVE-2019-17495 Vulnerability in maven package io.springfox:springfox-swagger-ui
CVE-2023-27479 Vulnerability in maven package org.xwiki.platform:xwiki-platform-panels-ui
CVE-2018-3724 Vulnerability in npm package general-file-server
CVE-2022-45400 Vulnerability in maven package org.jvnet.hudson.plugins:japex
CVE-2022-24614 Vulnerability in maven package com.drewnoakes:metadata-extractor