Description
All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.
Remediation
References
https://snyk.io/vuln/SNYK-JS-LSOF-543632
Related Vulnerabilities
CVE-2022-21718 Vulnerability in npm package electron
CVE-2020-29455 Vulnerability in npm package liveaddress
CVE-2020-7743 Vulnerability in maven package org.webjars.npm:mathjs
CVE-2021-23346 Vulnerability in npm package html-parse-stringify2
CVE-2021-42567 Vulnerability in maven package org.apereo.cas:cas-server-core-services