Описание
Arbitrary command execution in roar-pidusage
This affects all current versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
Пакеты
Наименование
roar-pidusage
npm
Затронутые версииВерсия исправления
<= 1.1.7
Отсутствует
Связанные уязвимости
CVSS3: 5.6
nvd
почти 5 лет назад
This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.