CVE-2021-23412

moderate-risk
Published 2021-07-23

All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.

Do I need to act?

~
4.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / HIGH complexity

Affected Products (5)

Gitlogplus
Gitlogplus
Gitlogplus
Gitlogplus
Gitlogplus

Affected Vendors

Gitlogplus Project

References (6)

Exploit https://hackerone.com/reports/808942
Exploit https://snyk.io/vuln/SNYK-JS-GITLOGPLUS-1315832
Product https://www.npmjs.com/package/gitlogplus
Exploit https://hackerone.com/reports/808942
Exploit https://snyk.io/vuln/SNYK-JS-GITLOGPLUS-1315832
Product https://www.npmjs.com/package/gitlogplus
44
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 8/34 · Low
Exposure 12/34 · Low