CVE-2021-23378

This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

CVE-2021-23375

This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

Input validation

This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

Design/Logic Flaw

This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input...

Input validation

This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

CVE-2021-23381 Arbitrary Command Injection

This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

CVE-2021-23375 Arbitrary Command Injection

This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

CVE-2021-23376 Arbitrary Command Injection

This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

CVE-2021-23377 Arbitrary Command Injection

This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

CVE-2021-23378 Arbitrary Command Injection

This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

Arbitrary Command Injection

Overview ps-visitor is a Node.js visit command ps aux and kill. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the...

CVE-2021-28330

Technical details for CVE-2021-28330 are not publicly provided in the supplied documents. The sources reference the vulnerability by ID and a generic description; monitor for updates.

GHSA-MM4F-47CH-F7HX Arbitrary code execution in kill-by-port

This affects the package kill-by-port before 0.0.2. If attacker-controlled user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

Arbitrary code execution in kill-by-port

This affects the package kill-by-port before 0.0.2. If attacker-controlled user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

OS Command Injection in rpi

rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization...

GHSA-2548-Q746-X5X6 Code injection in port-killer

This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

Code injection in port-killer

This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

OS Command Injection in lsof

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input...

GHSA-WHQ6-MJ2R-MJQC OS Command Injection in lsof

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input...

GHSA-QFXV-QQVG-24PG OS Command Injection in im-metadata

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...