Description

All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.

Remediation

References

https://snyk.io/vuln/SNYK-JS-KILLPROCESSONPORT-1055458

Related Vulnerabilities

CVE-2018-3719 Vulnerability in maven package org.webjars.npm:mixin-deep

CVE-2020-26302 Vulnerability in maven package org.webjars.bowergithub.arasatasaygin:is.js

CVE-2020-11023 Vulnerability in npm package jquery

CVE-2022-36079 Vulnerability in npm package parse-server

CVE-2022-37767 Vulnerability in maven package io.pebbletemplates:pebble

Severity

High

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Exploit Third Party Advisory