2 matches found
CVE-2021-23360
The CVE-2021-23360 entry affects the Node.js module killport prior to 1.0.2, which uses child_process.exec without input sanitization. This allows an attacker-controlled input to trigger arbitrary command execution (e.g., PoC that creates a file named “success”). Documentation from Snyk, GHSA, Ve...
CVE-2021-23360 Arbitrary Command Injection
This affects the package killport before 1.0.2. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...