Описание
All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Product
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:gitlogplus_project:gitlogplus:3.1.3:*:*:*:*:node.js:*:*
cpe:2.3:a:gitlogplus_project:gitlogplus:3.1.4:*:*:*:*:node.js:*:*
cpe:2.3:a:gitlogplus_project:gitlogplus:3.1.5:*:*:*:*:node.js:*:*
cpe:2.3:a:gitlogplus_project:gitlogplus:3.1.6:*:*:*:*:node.js:*:*
cpe:2.3:a:gitlogplus_project:gitlogplus:3.1.7:*:*:*:*:node.js:*:*
EPSS
Процентиль: 88%
0.03916
Низкий
8.1 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78
Связанные уязвимости
EPSS
Процентиль: 88%
0.03916
Низкий
8.1 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78