admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-03-21 16:00:41 +00:00
parent 360dad0f4c
commit f94963e9ef
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
1 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
2021/23xxx/CVE-2021-23360.json
View File

@ -48,16 +48,19 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-KILLPORT-1078535"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-KILLPORT-1078535",
"name": "https://snyk.io/vuln/SNYK-JS-KILLPORT-1078535"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/ssnau/killport/blob/5268f23ea8f152e47182b263d8f7ef20c12a9f28/index.js%23L9"
"refsource": "MISC",
"url": "https://github.com/ssnau/killport/blob/5268f23ea8f152e47182b263d8f7ef20c12a9f28/index.js%23L9",
"name": "https://github.com/ssnau/killport/blob/5268f23ea8f152e47182b263d8f7ef20c12a9f28/index.js%23L9"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/ssnau/killport/commit/bec8e371f170a12e11cd222ffc7a6e1ae9942638"
"refsource": "MISC",
"url": "https://github.com/ssnau/killport/commit/bec8e371f170a12e11cd222ffc7a6e1ae9942638",
"name": "https://github.com/ssnau/killport/commit/bec8e371f170a12e11cd222ffc7a6e1ae9942638"
}
]
},
@ -65,7 +68,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects the package killport before 1.0.2.\n If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands.\r\nThis is due to use of the child_process exec function without input sanitization.\r\n\r\nRunning this PoC will cause the command touch success to be executed, leading to the creation of a file called success.\r\n\r\n"
"value": "This affects the package killport before 1.0.2. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success."
}
]
},