Description

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.

Remediation

References

https://snyk.io/vuln/SNYK-JS-LSOF-543632

Related Vulnerabilities

CVE-2020-7779 Vulnerability in npm package djvalidator

CVE-2020-27224 Vulnerability in npm package @theia/preview

CVE-2023-22893 Vulnerability in npm package @strapi/plugin-users-permissions

CVE-2020-28458 Vulnerability in maven package org.webjars.bower:datatables.net

CVE-2022-43405 Vulnerability in maven package io.jenkins.plugins:pipeline-groovy-lib

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory