This affects all versions of package kill-process-by-name. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file.
References
Link | Resource |
---|---|
https://snyk.io/vuln/SNYK-JS-KILLPROCESSBYNAME-1078534 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2021-03-15 17:15
Updated : 2024-02-28 18:08
NVD link : CVE-2021-23356
Mitre link : CVE-2021-23356
CVE.ORG link : CVE-2021-23356
JSON object : View
Products Affected
kill-process-by-name_project
- kill-process-by-name
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')