If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2.
[
{
"product": "kill-port",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "< 1.3.2"
}
]
}
]