All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.
References
Link | Resource |
---|---|
https://snyk.io/vuln/SNYK-JS-LSOF-543632 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-01-29 22:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-10783
Mitre link : CVE-2019-10783
CVE.ORG link : CVE-2019-10783
JSON object : View
Products Affected
isof_project
- isof
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')