6 matches found
Command Injection in killing
This affects all versions of package killing up to and including 1.0.6. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
CVE-2021-23381
This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
Design/Logic Flaw
This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
CVE-2021-23381
CVE-2021-23381 affects all versions of the npm package killing. The root cause is use of child_process.exec without input sanitization, enabling an attacker-controlled input to execute arbitrary commands. Public advisories (GHSA-CQ77-8JPX-892G, OSV entry) describe command injection impacting vers...
CVE-2021-23381 Arbitrary Command Injection
This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
CVE-2021-23381
This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...