diff --git a/2021/23xxx/CVE-2021-23360.json b/2021/23xxx/CVE-2021-23360.json index d19482aec85..90980fb896a 100644 --- a/2021/23xxx/CVE-2021-23360.json +++ b/2021/23xxx/CVE-2021-23360.json @@ -48,16 +48,19 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://snyk.io/vuln/SNYK-JS-KILLPORT-1078535" + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JS-KILLPORT-1078535", + "name": "https://snyk.io/vuln/SNYK-JS-KILLPORT-1078535" }, { - "refsource": "CONFIRM", - "url": "https://github.com/ssnau/killport/blob/5268f23ea8f152e47182b263d8f7ef20c12a9f28/index.js%23L9" + "refsource": "MISC", + "url": "https://github.com/ssnau/killport/blob/5268f23ea8f152e47182b263d8f7ef20c12a9f28/index.js%23L9", + "name": "https://github.com/ssnau/killport/blob/5268f23ea8f152e47182b263d8f7ef20c12a9f28/index.js%23L9" }, { - "refsource": "CONFIRM", - "url": "https://github.com/ssnau/killport/commit/bec8e371f170a12e11cd222ffc7a6e1ae9942638" + "refsource": "MISC", + "url": "https://github.com/ssnau/killport/commit/bec8e371f170a12e11cd222ffc7a6e1ae9942638", + "name": "https://github.com/ssnau/killport/commit/bec8e371f170a12e11cd222ffc7a6e1ae9942638" } ] }, @@ -65,7 +68,7 @@ "description_data": [ { "lang": "eng", - "value": "This affects the package killport before 1.0.2.\n If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands.\r\nThis is due to use of the child_process exec function without input sanitization.\r\n\r\nRunning this PoC will cause the command touch success to be executed, leading to the creation of a file called success.\r\n\r\n" + "value": "This affects the package killport before 1.0.2. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success." } ] },