Lucene search
GitHub Advisory DatabaseGHSA-QHXV-296X-HJV7HistoryAug 29, 2022 - 8:06 p.m.
@pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution
2022-08-2920:06:55
CWE-94
GitHub Advisory Database
github.com
9
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.005 Low
EPSS
Percentile
75.9%
All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function.
Affected configurations
Node
pendo324get-process-by-nameRange0≥
| CPE | Name | Operator | Version |
|---|---|---|---|
| @pendo324/get-process-by-name | ge | 0 |
Related
nvd
nvd
CVE-2022-25644
2022-08-29 05:15:08
prion
prion
Design/Logic Flaw
2022-08-29 05:15:00
cvelist
cvelist
CVE-2022-25644 Arbitrary Code Execution
2022-08-29 00:00:00
cve
cve
CVE-2022-25644
2022-08-29 05:15:08
osv
osv
@pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution
2022-08-29 20:06:55
veracode
veracode
Remote Code Execution
2022-08-30 05:44:50
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.005 Low
EPSS
Percentile
75.9%
Related for GHSA-QHXV-296X-HJV7