exploitDog

CVE-2021-26541

Опубликовано: 08 фев. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability.

Ссылки

https://advisory.checkmarx.net/advisory/CX-2020-4301
Exploit
Third Party Advisory
https://github.com/domharrington/node-gitlog/pull/65
Patch
Third Party Advisory
https://www.npmjs.com/package/gitlog
Product
Third Party Advisory
https://advisory.checkmarx.net/advisory/CX-2020-4301
Exploit
Third Party Advisory
https://github.com/domharrington/node-gitlog/pull/65
Patch
Third Party Advisory
https://www.npmjs.com/package/gitlog
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gitlog_project:gitlog:*:*:*:*:*:node.js:*:*

Версия до 4.0.4 (исключая)

EPSS

Процентиль: 94%

0.12886

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-67mm-m3wx-j7fr

CVSS3: 9.8

github

почти 5 лет назад

Command injection in gitlog

EPSS

Процентиль: 94%

0.12886

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78