CVE-2021-23412: Command Injection
All versions of the package gitlogplus are vulnerable to Command Injection via the main functionality, because options attributes are appended to the command to be executed without sanitization.
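The pattern the advisory describes, next to a hardened form, as an added example that is not gitlogplus source code. It assumes a Node.js wrapper around `git log`; the function names and the `number` and `branch` option attributes are hypothetical, and the sample values are constructed.

```javascript
// Added example: hypothetical helpers, not code from gitlogplus.

// Constructed sample input: an option attribute carrying a shell metacharacter.
const CONSTRUCTED_HOSTILE = { number: 10, branch: 'main; echo INJECTED' };

// Vulnerable pattern: option attributes are appended to one command string.
// If that string is handed to a shell (for example child_process.exec),
// the shell parses the attribute value as part of the command line.
function buildShellCommand(options) {
  return `git log -n ${options.number} ${options.branch}`;
}

// Hardened pattern: validate every attribute, then build an argv array.
// Each array element reaches git as exactly one argument; no shell parses it.
function buildArgv(options) {
  const number = Number(options.number);
  if (!Number.isInteger(number) || number < 1) {
    throw new TypeError('number must be a positive integer');
  }
  const branch = String(options.branch);
  // Allow-list for ref names. The first character must be alphanumeric,
  // so a value starting with "-" cannot be read by git as an option.
  if (!/^[A-Za-z0-9][A-Za-z0-9._\/-]*$/.test(branch)) {
    throw new TypeError('branch contains characters outside the allow-list');
  }
  // The trailing "--" marks the end of revisions for git.
  return ['log', '-n', String(number), branch, '--'];
}

// Runs git directly with execFileSync, which does not start a shell.
function safeGitLog(options, cwd) {
  const { execFileSync } = require('node:child_process');
  return execFileSync('git', buildArgv(options), { cwd, encoding: 'utf8' });
}
```

The allow-list is deliberately narrow; widen it only for ref syntax the caller actually needs.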