Description
All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.
Remediation
References
https://snyk.io/vuln/SNYK-JS-LSOF-543632
Related Vulnerabilities
CVE-2023-36469 Vulnerability in maven package org.xwiki.platform:xwiki-platform-notifications-ui
CVE-2023-45311 Vulnerability in npm package fsevents
CVE-2020-28280 Vulnerability in npm package predefine
CVE-2021-21423 Vulnerability in npm package projen
CVE-2022-36527 Vulnerability in maven package com.jflyfox:jflyfox_jfinal