Description
This affects all versions of package kill-process-by-name. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file.
Remediation
References
https://snyk.io/vuln/SNYK-JS-KILLPROCESSBYNAME-1078534
Related Vulnerabilities
CVE-2020-28438 Vulnerability in npm package deferred-exec
CVE-2020-10758 Vulnerability in maven package org.keycloak:keycloak-wildfly-server-subsystem
CVE-2023-47320 Vulnerability in maven package org.silverpeas.core:silverpeas-core-war
CVE-2012-0391 Vulnerability in maven package org.apache.struts.xwork:xwork-core
CVE-2019-14862 Vulnerability in maven package li.rudin.mavenjs:knockout