EUVD-2021-1436

Malware in sbrugna...

GHSA-3FXP-VWXM-2R5P Command injection in gitlogplus

All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization...

Command injection in gitlogplus

All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization...

@auto-canary/all-contributors (>=9.16.1-canary.undefined.13449.0 <=9.34.2-canary.1241.15885.0), @auto-canary/auto (>=9.16.1-canary.undefined.13449.0 <=9.34.2-canary.1241.15885.0) +23 more potentially affected by CVE-2021-23412 via gitlogplus (=3.1.7)

gitlogplus NPM version =3.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on gitlogplus and may be impacted: - @auto-canary/all-contributors =9.16.1-canary.undefined.13449.0, =9.16.1-canary.undefined.13449.0, =9.23.0-canary.1099.14362.0,...

Command Injection

gitlogplus is vulnerable to command injection. The vulnerability exists due to lack of sanitization of options attributes appended directly to the command to be executed...

CVE-2021-23412

All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization...

CVE-2021-23412

All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization...

CVE-2021-23412 Command Injection

All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization...

CVE-2021-23412

CVE-2021-23412 affects the Node.js package gitlogplus . The root cause is that the library appends user-controlled options to shell commands without sanitization, enabling a command injection vulnerability. This can be triggered remotely over the network without authentication, with impact on con...

CVE-2021-23412

All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization...

gitlogplus 命令注入漏洞

gitlogplus is a package that displays commit logs. A command injection vulnerability exists in gitlogplus that stems from option attributes being appended to commands to be executed without processing...

Command Injection

Overview gitlogplus is a Git log parser for Node.JS Affected versions of this package are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization. PoC by Rafal Janicki 1. Run npm i gitlogplus 2. Run mkdir gi...

@auto-canary/all-contributors (>=9.16.1-canary.undefined.13449.0 <=9.34.2-canary.1241.15885.0), @auto-canary/auto (>=9.16.1-canary.undefined.13449.0 <=9.34.2-canary.1241.15885.0) +23 more potentially affected by CVE-2021-23412 via gitlogplus (=3.1.7)

gitlogplus NPM version =3.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on gitlogplus and may be impacted: - @auto-canary/all-contributors =9.16.1-canary.undefined.13449.0, =9.16.1-canary.undefined.13449.0, =9.23.0-canary.1099.14362.0,...

Code Injection in domharrington/node-gitlog

Description The gitlogplus module is vulnerable against an arbitrary command injection issue which is made possible since some user-inputs are executed inside a command which doesn't have validations of any kind. POC 1. Create the following PoC file: js // poc.js var git = require'gitlogplus';...