CVE-2021-23412
Command injection in gitlogplus
9.8
CRITICAL
CVSS 3.1
EPSS 4.4%
Description
All versions of the npm package gitlogplus are vulnerable to command injection through its main function: the values of the options it accepts are concatenated into the command string it executes without any validation or escaping, so shell metacharacters in an option value (for example `;` or `$(...)`) run as additional commands on the host.
How to fix CVE-2021-23412
No fixed version has been published. Mitigate by removing the affected package, or, where it must stay, by making sure no untrusted input ever reaches its options (validate option names and values against an allowlist before calling it).
- npm/gitlogplus: no fixed version
Is CVE-2021-23412 being exploited?
Low. EPSS is 4.4%, i.e. the model estimates roughly a 4.4% probability that this CVE is exploited in the wild within the next 30 days. EPSS is a prediction, not a report of observed exploitation, and a bug this easy to trigger should still be treated as exploitable wherever untrusted input can reach the package's options.
Affected packages (1)
- npm/gitlogplus: >= 0, <= 3.1.7 (every published version; no fixed version)
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL (9.8) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |