Lucene search
K

6 matches found

OSV
OSV
added 2021/03/19 9:19 p.m.24 views

GHSA-QC65-CGVR-93P6 Code injection in kill-process-by-name

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

9.8CVSS7.4AI score0.01146EPSS
Exploits1References2
NVD
NVD
added 2021/03/15 5:15 p.m.36 views

CVE-2021-23356

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

9.8CVSS0.01146EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/03/15 4:40 p.m.34 views

CVE-2021-23356 Arbitrary Command Injection

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

5.6CVSS9.9AI score0.01146EPSS
Exploits1References1
CVE
CVE
added 2021/03/15 4:40 p.m.56 views

CVE-2021-23356

CVE-2021-23356 affects all versions of the Node.js package kill-process-by-name. The root cause is use of child_process.exec without input sanitization in index.js, allowing attacker-controlled input to execute arbitrary commands. In practice, this enables arbitrary command execution with network...

9.8CVSS7.9AI score0.01146EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/03/15 4:38 p.m.3 views

CVE-2021-23356

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

9.8CVSS5.8AI score0.01146EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2021/02/23 5:55 p.m.5 views

@duetds/angular (>=5.0.2 <=5.0.3), @duetds/components (>=5.0.2 <=5.0.3) +2 more potentially affected by CVE-2021-23356 via kill-process-by-name (=1.0.5)

kill-process-by-name NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on kill-process-by-name and may be impacted: - @duetds/angular =5.0.2, =5.0.2, =1.7.20, =5.0.2, =5.0.3 Source cves: CVE-2021-23356 Source advisory:...

9.8CVSS7.2AI score0.01146EPSS
Exploits1
Rows per page
Query Builder