4 matches found
CVE-2021-23348
This affects the package portprocesses before 1.0.5. If attacker-controlled user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
CVE-2021-23348
This affects the package portprocesses before 1.0.5. If attacker-controlled user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
CVE-2021-23348
CVE-2021-23348 affects the portprocesses package (pre-1.0.5). The killProcess function accepts attacker-controlled input and uses child_process.exec without input sanitization, enabling arbitrary command execution. Exploitation details are supported by multiple sources (GHSA, OSV, NVD, Snyk) and ...
CVE-2021-23348 Arbitrary Command Injection
This affects the package portprocesses before 1.0.5. If attacker-controlled user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...