Описание
This affects all versions of package kill-process-by-name. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:kill-process-by-name_project:kill-process-by-name:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 80%
0.01432
Низкий
5.6 Medium
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78
Связанные уязвимости
EPSS
Процентиль: 80%
0.01432
Низкий
5.6 Medium
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78