Description

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.

Remediation

References

https://snyk.io/vuln/SNYK-JS-LSOF-543632

Related Vulnerabilities

CVE-2020-7760 Vulnerability in maven package org.webjars:codemirror

CVE-2022-0084 Vulnerability in maven package org.jboss.xnio:xnio-api

CVE-2021-31811 Vulnerability in maven package org.apache.pdfbox:pdfbox

CVE-2021-25946 Vulnerability in npm package nconf-toml

CVE-2023-38507 Vulnerability in npm package @strapi/plugin-users-permissions

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory