Description

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.

Remediation

References

https://snyk.io/vuln/SNYK-JS-LSOF-543632

Related Vulnerabilities

CVE-2021-21294 Vulnerability in maven package org.http4s:http4s-blaze-server_2.13

CVE-2018-3715 Vulnerability in npm package glance

CVE-2021-23327 Vulnerability in npm package apexcharts

CVE-2022-0686 Vulnerability in npm package url-parse

CVE-2021-43466 Vulnerability in maven package org.thymeleaf:thymeleaf-spring5

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory