Lucene search
K

6 matches found

Circl
Circl
added 2021/03/15 7:29 p.m.8 views

CVE-2021-23356

creationtimestamp| type| source ---|---|--- 2021-03-15 19:29:08+00:00| seen| https://t.me/cibsecurity/24906...

9.8CVSS8.7AI score0.01146EPSS
Exploits1References1
NVD
NVD
added 2021/03/15 5:15 p.m.13 views

CVE-2021-23356

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

9.8CVSS0.01146EPSS
Exploits1References1
CVE
CVE
added 2021/03/15 4:40 p.m.56 views

CVE-2021-23356

CVE-2021-23356 affects all versions of the Node.js package kill-process-by-name. The root cause is use of child_process.exec without input sanitization in index.js, allowing attacker-controlled input to execute arbitrary commands. In practice, this enables arbitrary command execution with network...

9.8CVSS7.9AI score0.01146EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/03/15 4:40 p.m.17 views

CVE-2021-23356 Arbitrary Command Injection

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

5.6CVSS9.9AI score0.01146EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2021/03/15 4:38 p.m.3 views

CVE-2021-23356

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

9.8CVSS5.8AI score0.01146EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2021/02/23 5:55 p.m.5 views

@duetds/angular (>=5.0.2 <=5.0.3), @duetds/components (>=5.0.2 <=5.0.3) +2 more potentially affected by CVE-2021-23356 via kill-process-by-name (=1.0.5)

kill-process-by-name NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on kill-process-by-name and may be impacted: - @duetds/angular =5.0.2, =5.0.2, =1.7.20, =5.0.2, =5.0.3 Source cves: CVE-2021-23356 Source advisory:...

9.8CVSS7.2AI score0.01146EPSS
Exploits1
Rows per page
Query Builder