11 matches found
GHSA-QHXV-296X-HJV7 @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution
All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function...
Design/Logic Flaw
All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function...
PT-2022-17431 · Npm · @Pendo324/Get-Process-By-Name
Name of the Vulnerable Software and Affected Versions: @pendo324/get-process-by-name versions all. Description: The issue is related to Arbitrary Code Execution due to improper sanitization of the getProcessByName function. This allows for potential code execution without proper validation...
get-process-by-name security vulnerability
get-process-by-name is a library by Justin Personal Developer. Get process letters using executable names. A security vulnerability exists in all versions of the get-process-by-name package that stems from its mishandling of the getProcessByName function leading to arbitrary code execution...
Arbitrary Code Execution
Overview: @pendo324/get-process-by-name returns a list of processes that match a process name. Affected versions of this package are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function. PoC js const getProcessByName =...
GHSA-QC65-CGVR-93P6 Code injection in kill-process-by-name
This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file...
CVE-2021-23356
This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file...
CVE-2021-23356
CVE-2021-23356 affects all versions of the Node.js package kill-process-by-name. The root cause is use of child_process.exec without input sanitization in index.js, allowing attacker-controlled input to execute arbitrary commands. In practice, this enables arbitrary command execution with network...
CVE-2021-23356 Arbitrary Command Injection
This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file...
CVE-2021-23356
This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file...
@duetds/angular (>=5.0.2 <=5.0.3), @duetds/components (>=5.0.2 <=5.0.3) +2 more potentially affected by CVE-2021-23356 via kill-process-by-name (=1.0.5)
kill-process-by-name NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on kill-process-by-name and may be impacted: - @duetds/angular =5.0.2, =5.0.2, =1.7.20, =5.0.2, =5.0.3 Source cves: CVE-2021-23356 Source advisory:...