VYPR

npm package

gitlogplus

pkg:npm/gitlogplus

Vulnerabilities (1)

  • CVE-2021-23412Jul 23, 2021
    affected <= 3.1.7

    All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.