CVE-2021-23363

Опубликовано: 30 мар. 2021

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

This affects the package kill-by-port before 0.0.2. If (attacker-controlled) user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.

Ссылки

https://github.com/GuyMograbi/kill-by-port/blob/16dcbe264b6b4a5ecf409661b42836dd286fd43f/index.js%23L8
Broken Link
https://github.com/GuyMograbi/kill-by-port/commit/ea5b1f377e196a4492e05ff070eba8b30b7372c4
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-KILLBYPORT-1078531
Exploit
Third Party Advisory
https://github.com/GuyMograbi/kill-by-port/blob/16dcbe264b6b4a5ecf409661b42836dd286fd43f/index.js%23L8
Broken Link
https://github.com/GuyMograbi/kill-by-port/commit/ea5b1f377e196a4492e05ff070eba8b30b7372c4
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-KILLBYPORT-1078531
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kill-by-port_project:kill-by-port:*:*:*:*:*:node.js:*:*

Версия до 0.0.2 (исключая)

EPSS

Процентиль: 77%

0.00998

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-mm4f-47ch-f7hx

CVSS3: 6.3

github

почти 5 лет назад

Arbitrary code execution in kill-by-port

EPSS

Процентиль: 77%

0.00998

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78