CVE-2021-26541
CRITICALgitlog < 4.0.4 - OS Command Injection via gitlog Function
Title source: llmDescription
The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability.
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/domharrington/node-gitlog/pull/65
Product, Third Party Advisory x_refsource_misc
https://www.npmjs.com/package/gitlog
Exploit, Third Party Advisory x_refsource_misc
https://advisory.checkmarx.net/advisory/CX-2020-4301
Scores
CVSS v3
9.8
EPSS
0.0536
EPSS Percentile
91.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (2)
gitlog_project/gitlog
< 4.0.4
npm/gitlog
0 - 4.0.4npm
Published
Feb 08, 2021
Tracked Since
Feb 18, 2026