EPSS Percentile: 76.1%
killing is vulnerable to arbitrary code execution. The vulnerability exists because the package does not sanitize the argument that it passes to child_process.exec, allowing users to use the function outside of its intended behaviour, which was to kill processes.
github.com/xudafeng/killing/blob/672ed164ccdd10c0a8fb93c5c6d2456f1dfab781/lib/killing.js#L62
github.com/xudafeng/killing/commit/ab4a5e7ebc8cee538afb35ee1b2bd59cfdb06e6d#diff-f98634412b509bc53dc9a2d8442fd1fe285766c2ee9f8bf3382f4fb6711df45fR36
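
A hardened form of the pattern described above, as an added example that is not code from the killing package: the target is validated against a strict pattern and never reaches a shell, instead of being concatenated into a string for child_process.exec. The function names, the allowed-name pattern and the use of pkill are assumptions made for illustration.

```javascript
'use strict';
// Added example; not code from the killing package.
const { execFile } = require('node:child_process');

// Assumption: a caller only ever needs a positive PID or a plain process name.
const PID_RE = /^[1-9][0-9]{0,9}$/;                // excludes 0 and negatives (process groups)
const NAME_RE = /^[A-Za-z][A-Za-z0-9._-]{0,63}$/;  // no spaces, quotes or shell metacharacters

// Classify untrusted input into a PID or a fixed argv array; throw on anything else.
function classifyTarget(target) {
  if (typeof target === 'number' && Number.isSafeInteger(target)) target = String(target);
  if (typeof target !== 'string') throw new TypeError('target must be a string or integer');
  if (PID_RE.test(target)) return { kind: 'pid', pid: Number(target) };
  if (NAME_RE.test(target)) {
    // "--" ends option parsing; "-x" asks pkill for an exact name match.
    return { kind: 'name', file: 'pkill', args: ['-KILL', '-x', '--', target] };
  }
  throw new RangeError('rejected target: ' + JSON.stringify(target));
}

// Kill by PID in-process, or by name through execFile, which runs no shell.
function safeKill(target, callback) {
  let t;
  try { t = classifyTarget(target); } catch (err) { return callback(err); }
  if (t.kind === 'pid') {
    try { process.kill(t.pid, 'SIGKILL'); } catch (err) { return callback(err); }
    return callback(null);
  }
  // pkill exits with 1 when nothing matched; that reaches the callback as an error.
  execFile(t.file, t.args, (err) => callback(err || null));
}

// Constructed sample inputs: report which ones the validator accepts.
function checkSamples() {
  const samples = ['4242', 'node', 'my-app_1.2', 'node; echo injected', '$(id)', '-1', '0', ''];
  return samples.map((s) => {
    try { return [s, classifyTarget(s).kind]; } catch (err) { return [s, 'rejected']; }
  });
}
```

Because execFile receives the name as a single argv element, even a value that slipped past the pattern would be treated as a literal process name rather than parsed as a command.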