MidnightBSD

Advisories for gitlogplus_project

CVE-2021-23412 HIGH

All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
report@snyk.io 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78

Products Affected

Vendor Product Version
gitlogplus_project gitlogplus 3.1.4
gitlogplus_project gitlogplus 3.1.7
gitlogplus_project gitlogplus 3.1.6
gitlogplus_project gitlogplus 3.1.3
gitlogplus_project gitlogplus 3.1.5