16 matches found
EUVD-2021-1230
Malware in sbrugna...
PIDUsage Enables OS Command Injection
Overview Affected versions of pidusage pass unsanitized input to child_process.exec, resulting in arbitrary code execution in the ps method. This package is vulnerable to this PoC on Darwin, SunOS, FreeBSD, and AIX. Windows and Linux are not vulnerable. Proof of Concept js var pid =...
roar-sdk (>=0.1.97 <=0.2.24) potentially affected by CVE-2021-23380 via roar-pidusage (=1.1.7)
roar-pidusage NPM version =1.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on roar-pidusage and may be impacted: - roar-sdk >=0.1.97, <=0.2.24 Source cves: CVE-2021-23380 Source advisory: OSV:GHSA-XFXF-QW26-HR33...
GHSA-XFXF-QW26-HR33 Arbitrary command execution in roar-pidusage
This affects all current versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without inpu...
Arbitrary Code Execution
roar-pidusage is vulnerable to arbitrary code execution. The vulnerability exists due to the lack of sanitization of user-provided input which is directly used in the child_process.exec function...
CVE-2021-23380
This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input...
npm roar-pidusage command injection vulnerability
npm roar-pidusage is an application from the American company npm. It is used for cross-platform process cpu% and PID memory usage. roar-pidusage has a security vulnerability that can be exploited by an attacker to potentially execute arbitrary commands. This is due to the use of child processes ...
Arbitrary Command Injection
Overview roar-pidusage is a Cross-platform process cpu % and memory usage of a PID — Edit Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible f...
roar-sdk (>=0.1.97 <=0.2.24) potentially affected by CVE-2021-23380 via roar-pidusage (=1.1.7)
roar-pidusage NPM version =1.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on roar-pidusage and may be impacted: - roar-sdk >=0.1.97, <=0.2.24 Source cves: CVE-2021-23380 Source advisory: SNYK:JS-ROARPIDUSAGE-1078528...
GHSA-HFQ9-RFPV-J8R8 Command Injection in pidusage
Affected versions of pidusage pass unsanitized input to child_process.exec, resulting in arbitrary code execution in the ps method. This package is vulnerable to this PoC on Darwin, SunOS, FreeBSD, and AIX. Windows and Linux are not vulnerable. Proof of Concept var pid = require('pidusage');...
Command Injection in pidusage
Affected versions of pidusage pass unsanitized input to child_process.exec, resulting in arbitrary code execution in the ps method. This package is vulnerable to this PoC on Darwin, SunOS, FreeBSD, and AIX. Windows and Linux are not vulnerable. Proof of Concept var pid = require('pidusage');...
pidusage command injection vulnerability
pidusage is a cross-platform tool for monitoring CPU and memory usage. A command injection vulnerability exists in pidusage 1.1.4 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary commands...
CVE-2017-1000220
soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution...
CVE-2017-1000220
The CVE-2017-1000220 entry concerns the pidusage library (version ≤ 1.1.4). The connected sources confirm that pidusage passes unsanitized input to child_process.exec(), enabling arbitrary command execution (command injection) in the ps-related functionality. Affected platforms include Darwin, Su...
Command Injection
pidusage is vulnerable to command injection. Unsanitized input is given to child_process.exec, resulting in command injection in the ps method. This happens because the pid is never cast to an integer, as the method expects. Windows and Linux are not vulnerable, but Darwin, SunOS, FreeBSD, and AIX are...
Command Injection
Overview Affected versions of pidusage pass unsanitized input to child_process.exec, resulting in arbitrary code execution in the ps method. This package is vulnerable to this PoC on Darwin, SunOS, FreeBSD, and AIX. Windows and Linux are not vulnerable. Proof of Concept var pid = require('pidusage')...