Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3bW0tbTN3eC1qN2Zy

Critical EPSS: 0.12886% (0.93762 Percentile) EPSS:
Permalink JSON

Command injection in gitlog

Affected Packages Affected Versions Fixed Versions
npm:gitlog
PURL: pkg:npm/gitlog
< 4.0.4 4.0.4
92 Dependent packages
1,158 Dependent repositories
445,903 Downloads last month

Affected Version Ranges

All affected versions

0.0.1, 0.1.1, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.3.0, 2.4.0, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.2.0, 3.2.1-canary.4ad2eb5.0, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 4.0.0, 4.0.1, 4.0.2, 4.0.3

All unaffected versions

4.0.4, 4.0.8, 5.0.0, 5.0.1, 5.0.2, 5.1.0

The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability.

References:

Identifiers

GHSA-67mm-m3wx-j7fr

CVE-2021-26541

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.12886

EPSS Percentile: 0.93762

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/domharrington/node-gitlog

Date and time

Published

over 4 years ago

Updated

21 days ago

API

JSON