CVE-2021-26541

moderate-risk
Published 2021-02-08

The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability.

Do I need to act?

!
12.9% chance of exploitation in next 30 days
EPSS score — higher than 87% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 9c12a31fb07aae2b9e1c55ef58dbdbb6a58b3221
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Gitlog Project

References (6)

Exploit https://advisory.checkmarx.net/advisory/CX-2020-4301
Patch https://github.com/domharrington/node-gitlog/pull/65
Product https://www.npmjs.com/package/gitlog
Exploit https://advisory.checkmarx.net/advisory/CX-2020-4301
Patch https://github.com/domharrington/node-gitlog/pull/65
Product https://www.npmjs.com/package/gitlog
49
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 12/34 · Low
Exposure 5/34 · Minimal