mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
874 B
874 B
CVE-2021-23348
Description
This affects the package portprocesses before 1.0.5. If (attacker-controlled) user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
POC
Reference
- https://github.com/rrainn/PortProcesses/security/advisories/GHSA-vm67-7vmg-66vm
- https://snyk.io/vuln/SNYK-JS-PORTPROCESSES-1078536
Github
No PoCs found on GitHub currently.