@duetds/angular (>=5.0.2 <=5.0.3), @duetds/components (>=5.0.2 <=5.0.3) +2 more potentially affected by CVE-2021-23356 via kill-process-by-name (=1.0.5)

kill-process-by-name NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on kill-process-by-name and may be impacted: - @duetds/angular =5.0.2, =5.0.2, =1.7.20, =5.0.2, =5.0.3 Source cves: CVE-2021-23356 Source advisory:...

Npm Kill-Process-By-Name 命令注入漏洞

Npm Kill-Process-By-Name is an application from Npm, Inc. that kills all processes of a program using the program name. It kills all processes of a program using the program name. A security vulnerability exists in kill-process-by-name, which can be exploited by an attacker to execute arbitrary...

Arbitrary Command Injection

Overview kill-process-by-name is a Kills all processes by a certain program Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the...