CVE-2021-23348
CVE-2021-23348 affects the portprocesses package (pre-1.0.5). The killProcess function accepts attacker-controlled input and uses child_process.exec without input sanitization, enabling arbitrary command execution. Exploitation details are supported by multiple sources (GHSA, OSV, NVD, Snyk) and ...