Description

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.

Remediation

References

https://snyk.io/vuln/SNYK-JS-LSOF-543632

Related Vulnerabilities

CVE-2021-23440 Vulnerability in npm package set-value

CVE-2020-28479 Vulnerability in npm package jointjs

CVE-2022-29256 Vulnerability in npm package sharp

CVE-2019-19507 Vulnerability in npm package jpv

CVE-2020-28277 Vulnerability in npm package dset

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory