CVE-2021-23412

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
23/07/2021
Last modified:
28/06/2022

Description

All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gitlogplus_project:gitlogplus:3.1.3:*:*:*:*:node.js:*:*
cpe:2.3:a:gitlogplus_project:gitlogplus:3.1.4:*:*:*:*:node.js:*:*
cpe:2.3:a:gitlogplus_project:gitlogplus:3.1.5:*:*:*:*:node.js:*:*
cpe:2.3:a:gitlogplus_project:gitlogplus:3.1.6:*:*:*:*:node.js:*:*
cpe:2.3:a:gitlogplus_project:gitlogplus:3.1.7:*:*:*:*:node.js:*:*