Description
All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.
Remediation
References
https://snyk.io/vuln/SNYK-JS-LSOF-543632
Related Vulnerabilities
CVE-2021-21294 Vulnerability in maven package org.http4s:http4s-blaze-server_2.13
CVE-2018-3715 Vulnerability in npm package glance
CVE-2021-23327 Vulnerability in npm package apexcharts
CVE-2022-0686 Vulnerability in npm package url-parse
CVE-2021-43466 Vulnerability in maven package org.thymeleaf:thymeleaf-spring5