Description
All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.
Remediation
References
https://snyk.io/vuln/SNYK-JS-LSOF-543632
Related Vulnerabilities
CVE-2020-7729 Vulnerability in npm package grunt
CVE-2020-13445 Vulnerability in maven package com.liferay:com.liferay.portal.template.velocity
CVE-2021-43306 Vulnerability in npm package jquery-validation
CVE-2021-21350 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2021-41182 Vulnerability in maven package org.webjars:jquery-ui