3 matches found
CVE-2021-23359
This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...
Input validation
This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...
CVE-2021-23359
CVE-2021-23359 affects all versions of port-killer. The root cause is unsanitized attacker-controlled input passed to Node.js child_process.exec, enabling arbitrary command execution. Documentation and related advisories (GHSA-2548-Q746-X5X6, OSV, Veracode, Snyk entry) describe a PoC where runnin...