Description

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.

Remediation

References

https://snyk.io/vuln/SNYK-JS-LSOF-543632

Related Vulnerabilities

CVE-2020-7729 Vulnerability in npm package grunt

CVE-2020-13445 Vulnerability in maven package com.liferay:com.liferay.portal.template.velocity

CVE-2021-43306 Vulnerability in npm package jquery-validation

CVE-2021-21350 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2021-41182 Vulnerability in maven package org.webjars:jquery-ui

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory