CVE-2017-1000219

npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user...

Command Execution in windows-cpu

Version of windows-cpu before 0.1.5 will execute arbitrary code passed into the first argument of the findLoad method, resulting in remote code execution. Proof of Concept js var win = require'windows-cpu'; wind.findLoad'foo & calc.exe'; Recommendation Update to version 0.1.5 or later...

GHSA-63M4-FHF2-CMF7 Command Execution in windows-cpu

Version of windows-cpu before 0.1.5 will execute arbitrary code passed into the first argument of the findLoad method, resulting in remote code execution. Proof of Concept js var win = require'windows-cpu'; wind.findLoad'foo & calc.exe'; Recommendation Update to version 0.1.5 or later...

sysmonitor-client (>=0.0.1 <=1.0.0), sytemmonitor-client (=0.0.1) potentially affected by CVE-2017-1000219 via windows-cpu (=0.1.4)

windows-cpu NPM version =0.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on windows-cpu and may be impacted: - sysmonitor-client =0.0.1, =1.0.0 - sytemmonitor-client =0.0.1 Source cves: CVE-2017-1000219 Source advisory: OSV:GHSA-63M4-FHF2-CMF7...

npm/KyleRoss windows-cpu command injection vulnerability

npm/KyleRoss windows-cpu is an American software developer KyleRoss developed a set of CPU monitoring program for use on the Windows platform. A command injection vulnerability exists in npm/KyleRoss windows-cpu. An attacker can exploit the vulnerability to execute code as a Node.js user...

CVE-2017-1000219

npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user...

CVE-2017-1000219

npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user...

CVE-2017-1000219

CVE-2017-1000219 (npm/kyleRoss windows-cpu) : All versions vulnerable to command injection causing remote code execution as the Node.js user. The technical basis is that the package’s findLoad method passes user input directly to the shell without validation, enabling arbitrary commands. Document...

CVE-2017-1000219

npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user...

Arbitrary Command Execution

windows-cpu is vulnerable to arbitrary command execution. This is because the findLoad method doesn't sanitize or perform any validation before passing user-input to the shell...

Command Execution

Overview Version of windows-cpu before 0.1.5 will execute arbitrary code passed into the first argument of the findLoad method, resulting in remote code execution. Proof of Concept var win = require'windows-cpu'; wind.findLoad'foo & calc.exe'; Recommendation Update to version 0.1.5 or later...