Description

All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.

Remediation

References

https://snyk.io/vuln/SNYK-JS-KILLPROCESSONPORT-1055458

Related Vulnerabilities

CVE-2023-26488 Vulnerability in npm package @openzeppelin/contracts-upgradeable

CVE-2021-21293 Vulnerability in maven package org.http4s:blaze-core_2.12

CVE-2021-3461 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2020-7727 Vulnerability in npm package gedi

CVE-2022-3952 Vulnerability in maven package com.manydesigns:portofino-microservice-launcher

Severity

Critical

Classification

CWE-78

Tags

Exploit Third Party Advisory