Description
All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.
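The pattern the description names, next to a hardened form, as an added example that is not gitlogplus source code. The option names `number` and `branch`, the three function names and the sample values are assumptions made for illustration.

```javascript
// Added illustration, not gitlogplus code. The option names (number, branch)
// and the functions below are hypothetical.

// Vulnerable pattern: option values are concatenated into one string that is
// later handed to a shell, so shell metacharacters in a value are interpreted.
function buildShellCommand(options) {
  return `git log -n ${options.number} ${options.branch}`;
}

// Hardened pattern: validate every option, then return an argument vector.
function buildArgv(options) {
  const number = Number(options.number);
  if (!Number.isInteger(number) || number < 1 || number > 10000) {
    throw new TypeError('number must be an integer between 1 and 10000');
  }
  const branch = options.branch;
  // Conservative ref-name allowlist; the leading-character rule also rejects
  // values beginning with "-" that git would parse as an option.
  if (typeof branch !== 'string' || !/^[A-Za-z0-9][A-Za-z0-9._\/-]*$/.test(branch)) {
    throw new TypeError('branch contains characters outside the allowlist');
  }
  // --end-of-options (git 2.24+) makes git treat what follows as a revision.
  return ['log', '-n', String(number), '--end-of-options', branch];
}

// execFile-style APIs pass argv straight to git without starting a shell.
function runGitLog(repoDir, options) {
  // Loaded here so the builders above stay free of side effects.
  const { execFileSync } = require('node:child_process');
  return execFileSync('git', buildArgv(options), { cwd: repoDir, encoding: 'utf8' });
}

// Constructed sample inputs.
const benign = { number: 5, branch: 'main' };
const hostile = { number: '1; echo constructed-marker', branch: 'main' };
```

With the string builder the `;` in the constructed value reaches the command line intact; with the argv builder the same value is rejected before git is ever started.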
Remediation
References
https://hackerone.com/reports/808942
https://snyk.io/vuln/SNYK-JS-GITLOGPLUS-1315832
https://www.npmjs.com/package/gitlogplus