CVE-2021-23412 Vulnerability in npm package gitlogplus

Description

All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.

Remediation

References

https://hackerone.com/reports/808942

https://snyk.io/vuln/SNYK-JS-GITLOGPLUS-1315832

https://www.npmjs.com/package/gitlogplus

Related Vulnerabilities

CVE-2020-14359 Vulnerability in maven package org.keycloak:keycloak-core

CVE-2020-7642 Vulnerability in maven package org.webjars.npm:lazysizes

CVE-2017-16222 Vulnerability in npm package elding

CVE-2020-9480 Vulnerability in maven package org.apache.spark:spark-network-shuffle_2.10

CVE-2021-21697 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H