Description
All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.
Remediation
References
https://snyk.io/vuln/SNYK-JS-LSOF-543632
Related Vulnerabilities
CVE-2020-7760 Vulnerability in maven package org.webjars:codemirror
CVE-2022-0084 Vulnerability in maven package org.jboss.xnio:xnio-api
CVE-2021-31811 Vulnerability in maven package org.apache.pdfbox:pdfbox
CVE-2021-25946 Vulnerability in npm package nconf-toml
CVE-2023-38507 Vulnerability in npm package @strapi/plugin-users-permissions