Lucene search
+L

4 matches found

nvd
nvd
added 2021/03/31 3:15 p.m.9 views

CVE-2021-23348

This affects the package portprocesses before 1.0.5. If attacker-controlled user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

8.8CVSS0.0182EPSS
Exploits1References4
osv
osv
added 2021/03/31 3:15 p.m.11 views

CVE-2021-23348

This affects the package portprocesses before 1.0.5. If attacker-controlled user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

8.8CVSS7.5AI score
Exploits0References4
cve
cve
added 2021/03/31 2:25 p.m.45 views

CVE-2021-23348

CVE-2021-23348 affects the portprocesses package (pre-1.0.5). The killProcess function accepts attacker-controlled input and uses child_process.exec without input sanitization, enabling arbitrary command execution. Exploitation details are supported by multiple sources (GHSA, OSV, NVD, Snyk) and ...

8.8CVSS7.7AI score0.0182EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2021/03/31 2:25 p.m.19 views

CVE-2021-23348 Arbitrary Command Injection

This affects the package portprocesses before 1.0.5. If attacker-controlled user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

6.3CVSS9.2AI score0.0182EPSS
Exploits1References4
Rows per page
Query Builder