
11 matches found

OSV
added 2022/08/29 8:6 p.m. · 10 views

GHSA-QHXV-296X-HJV7 @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution

All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function...

CVSS 9.8 · AI score 9.7 · EPSS 0.0122
Exploits: 1 · References: 4
Prion
added 2022/08/29 5:15 a.m. · 17 views

Design/Logic Flaw

All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function...

CVSS 7.5 · AI score 9.6 · EPSS 0.0122
Exploits: 1 · References: 2
Positive Technologies
added 2022/08/29 12:0 a.m. · 3 views

PT-2022-17431 · Npm · @Pendo324/Get-Process-By-Name

Name of the Vulnerable Software and Affected Versions: @pendo324/get-process-by-name, all versions. Description: The issue is related to Arbitrary Code Execution due to improper sanitization of the getProcessByName function. This allows for potential code execution without proper validation...

CVSS 9.8 · AI score 9.6 · EPSS 0.0122
Exploits: 1 · References: 6
CNNVD
added 2022/08/29 12:0 a.m. · 3 views

get-process-by-name security vulnerability

get-process-by-name is a library by Justin Personal Developer. Get process letters using executable names. A security vulnerability exists in all versions of the get-process-by-name package that stems from its mishandling of the getProcessByName function leading to arbitrary code execution...

CVSS 9.8 · AI score 7.7 · EPSS 0.0122
Exploits: 1 · References: 3
Snyk
added 2022/03/07 9:16 a.m. · 2 views

Arbitrary Code Execution

Overview: @pendo324/get-process-by-name returns a list of processes that match a process name. Affected versions of this package are vulnerable to Arbitrary Code Execution due to improper sanitization of the getProcessByName function. PoC: js const getProcessByName =...

CVSS 9.8 · AI score 7.2 · EPSS 0.0122
Exploits: 1 · References: 2
OSV
added 2021/03/19 9:19 p.m. · 1 views

GHSA-QC65-CGVR-93P6 Code injection in kill-process-by-name

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file...

CVSS 9.8 · AI score 7.4 · EPSS 0.01146
Exploits: 1 · References: 2
NVD
added 2021/03/15 5:15 p.m. · 13 views

CVE-2021-23356

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file...

CVSS 9.8 · EPSS 0.01146
Exploits: 1 · References: 1
CVE
added 2021/03/15 4:40 p.m. · 56 views

CVE-2021-23356

CVE-2021-23356 affects all versions of the Node.js package kill-process-by-name. The root cause is use of child_process.exec without input sanitization in index.js, allowing attacker-controlled input to execute arbitrary commands. In practice, this enables arbitrary command execution with network...

CVSS 9.8 · AI score 7.9 · EPSS 0.01146
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2021/03/15 4:40 p.m. · 29 views

CVE-2021-23356 Arbitrary Command Injection

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file...

CVSS 5.6 · AI score 9.9 · EPSS 0.01146
Exploits: 1 · References: 1
ATTACKERKB
added 2021/03/15 4:38 p.m. · 3 views

CVE-2021-23356

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file...

CVSS 9.8 · AI score 5.8 · EPSS 0.01146
Exploits: 1 · References: 2
vulnersOsv
added 2021/02/23 5:55 p.m. · 5 views

@duetds/angular (>=5.0.2 <=5.0.3), @duetds/components (>=5.0.2 <=5.0.3) +2 more potentially affected by CVE-2021-23356 via kill-process-by-name (=1.0.5)

kill-process-by-name NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on kill-process-by-name and may be impacted: - @duetds/angular =5.0.2, =5.0.2, =1.7.20, =5.0.2, =5.0.3 Source cves: CVE-2021-23356 Source advisory:...

CVSS 9.8 · AI score 7.2 · EPSS 0.01146
Exploits: 1