CVE-2022-25644

Опубликовано: 29 авг. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function.

Ссылки

https://github.com/pendo324/get-process-by-name-js/blob/34e8a279a94fa23acb13e302e9516ab1ea8d8731/index.js%23L27-L28
Broken Link
https://security.snyk.io/vuln/SNYK-JS-PENDO324GETPROCESSBYNAME-2419094
Exploit
Third Party Advisory
https://github.com/pendo324/get-process-by-name-js/blob/34e8a279a94fa23acb13e302e9516ab1ea8d8731/index.js%23L27-L28
Broken Link
https://security.snyk.io/vuln/SNYK-JS-PENDO324GETPROCESSBYNAME-2419094
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:get-process-by-name_project:get-process-by-name:*:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00894

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-qhxv-296x-hjv7