Description

All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.

Remediation

References

https://snyk.io/vuln/SNYK-JS-KILLPROCESSONPORT-1055458

Related Vulnerabilities

CVE-2015-1369 Vulnerability in npm package sequelize

CVE-2022-31172 Vulnerability in npm package @openzeppelin/contracts

CVE-2020-13128 Vulnerability in maven package com.googlecode.gwtupload:gwtupload

CVE-2023-39345 Vulnerability in npm package @strapi/plugin-users-permissions

CVE-2021-32859 Vulnerability in npm package baremetrics-calendar

Severity

Critical

Classification

CWE-78

Tags

Exploit Third Party Advisory