4 matches found
GHSA-H2P3-H48H-9JJ7 PIDUsage Enables OS Command Injection
Overview Affected versions of pidusage pass unsanitized input to childprocess.exec, resulting in arbitrary code execution in the ps method. This package is vulnerable to this PoC on Darwin, SunOS, FreeBSD, and AIX. Windows and Linux are not vulnerable. Proof of Concept js var pid =...
PIDUsage Enables OS Command Injection
Overview Affected versions of pidusage pass unsanitized input to childprocess.exec, resulting in arbitrary code execution in the ps method. This package is vulnerable to this PoC on Darwin, SunOS, FreeBSD, and AIX. Windows and Linux are not vulnerable. Proof of Concept js var pid =...
GHSA-HFQ9-RFPV-J8R8 Command Injection in pidusage
Affected versions of pidusage pass unsanitized input to childprocess.exec, resulting in arbitrary code execution in the ps method. This package is vulnerable to this PoC on Darwin, SunOS, FreeBSD, and AIX. Windows and Linux are not vulnerable. Proof of Concept var pid = require'pidusage';...
Command Injection
pidusage is vulnerable to command injections. Unsanitized input given to childprocess.exec resulting in command injection in the ps method. This is caused because the pid is never cast to an integer as it expects. Windows and Linux are not vulnerable but Darwin, SunOS, FreeBSD, and AIX are...