Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-23412
CVE-2021-23412:
JavaScript vulnerability analysis and mitigation
Overview
A command injection vulnerability was discovered in the gitlogplus package (CVE-2021-23412). The vulnerability affects all versions of gitlogplus, a Git log parser for Node.JS. The issue was disclosed on July 2, 2021, and published on July 23, 2021 (Snyk).
Technical details
The vulnerability exists in the main functionality of gitlogplus where options attributes are appended to the command to be executed without proper sanitization. This allows for command injection attacks. The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (High) by Snyk and 9.8 (Critical) by NVD (Snyk).
Impact
A successful exploitation of this vulnerability could result in total loss of confidentiality, integrity, and availability of the affected system. An attacker could execute arbitrary commands, potentially leading to complete system compromise (Snyk).
Mitigation and workarounds
There is no fixed version available for gitlogplus. Users are advised to consider using alternative packages or implementing proper input validation and sanitization mechanisms (Snyk).
Additional resources
Source: This report was generated using AI
Related JavaScript vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management