Lucene search

SnykCVELIST:CVE-2022-25644

HistoryAug 29, 2022 - 5:05 a.m.

CVE-2022-25644 Arbitrary Code Execution

2022-08-2905:05:10

snyk

www.cve.org

cve-2022-25644

arbitrary code execution

improper sanitization

getprocessbyname function

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.005

Percentile

75.8%

JSON

All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function.

CNA Affected

[
  {
    "product": "@pendo324/get-process-by-name",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/pendo324/get-process-by-name-js/blob/34e8a279a94fa23acb13e302e9516ab1ea8d8731/index.js%23L27-L28

security.snyk.io/vuln/SNYK-JS-PENDO324GETPROCESSBYNAME-2419094

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.005

Percentile

75.8%

JSON

Related for CVELIST:CVE-2022-25644