Description
All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.
Remediation
References
https://snyk.io/vuln/SNYK-JS-LSOF-543632
Related Vulnerabilities
CVE-2023-26120 Vulnerability in maven package com.xuxueli:xxl-job
CVE-2017-18355 Vulnerability in npm package rendertron-middleware
CVE-2019-17558 Vulnerability in maven package org.apache.solr:solr-velocity
CVE-2022-25881 Vulnerability in maven package org.webjars.npm:http-cache-semantics
CVE-2023-34612 Vulnerability in maven package com.helger.commons:ph-json