Description

All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.

Remediation

References

https://snyk.io/vuln/SNYK-JS-KILLPROCESSONPORT-1055458

Related Vulnerabilities

CVE-2022-36887 Vulnerability in maven package org.jenkins-ci.plugins:jobconfighistory

CVE-2020-27665 Vulnerability in npm package strapi-plugin-content-type-builder

CVE-2022-22912 Vulnerability in npm package plist

CVE-2019-18213 Vulnerability in maven package org.lsp4xml:lsp4xml-extensions

CVE-2021-27191 Vulnerability in npm package get-ip-range

Severity

Critical

Classification

CWE-78

Tags

Exploit Third Party Advisory