GCVE - cpe:2.3:a:n/a:@graphql-tools/git-loader:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:@graphql-tools/git-loader:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	@Graphql Tools/Git Loader (`74c4975f-7386-53d0-8a1b-6bbb827c20cf`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-23326`	vulnerable	2026-06-08 05:30:02.662937	Command Injection MEDIUM (6.3) This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection. Published: 2021-01-20T12:30:15.626Z Updated: 2024-09-17T02:15:33.530Z Open on db.gcve.eu Reference links https://snyk.io/vuln/SNYK-JS-GRAPHQLTOOLSGITLOADER-1062543 https://github.com/ardatan/graphql-tools/commit/6a966beee8ca8b2f4adfe93318b96e4a5c501eac https://github.com/ardatan/graphql-tools/pull/2470 https://github.com/ardatan/graphql-tools/releases/tag/%40graphql-tools%2Fgit-loader%406.2.6 https://advisory.checkmarx.net/advisory/CX-2020-4300	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.