GHSA-VM67-7VMG-66VM Arbitrary Command Injection in portprocesses

Impact An Arbitrary Command Injection vulnerability was reported in portprocesses impacting versions = 1.0.4. Example Proof of Concept The following example demonstrates the vulnerability and will run touch success therefore creating a file named success. js const portprocesses =...

CVE-2021-23359 Arbitrary Command Injection

This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...