Description

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.

Remediation

References

https://snyk.io/vuln/SNYK-JS-LSOF-543632

Related Vulnerabilities

CVE-2022-25758 Vulnerability in maven package org.webjars.npm:scss-tokenizer

CVE-2021-44906 Vulnerability in npm package minimist

CVE-2020-35201 Vulnerability in maven package org.igniterealtime.openfire.plugins:bookmarks

CVE-2021-23433 Vulnerability in npm package algoliasearch-helper

CVE-2022-1274 Vulnerability in maven package org.keycloak:keycloak-themes

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory