Description

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.

Remediation

References

https://snyk.io/vuln/SNYK-JS-LSOF-543632

Related Vulnerabilities

CVE-2020-7709 Vulnerability in npm package json-pointer

CVE-2023-45648 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2020-6858 Vulnerability in maven package com.hotels.styx:styx-components

CVE-2020-27885 Vulnerability in maven package org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.store.feature

CVE-2022-25912 Vulnerability in npm package simple-git

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory