Description

All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.

Remediation

References

https://snyk.io/vuln/SNYK-JS-KILLPROCESSONPORT-1055458

Related Vulnerabilities

CVE-2021-28092 Vulnerability in maven package org.webjars.npm:is-svg

CVE-2020-28168 Vulnerability in maven package org.webjars.bower:axios

CVE-2023-34659 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-parent

CVE-2023-24057 Vulnerability in maven package ca.uhn.hapi.fhir:org.hl7.fhir.convertors

CVE-2021-21631 Vulnerability in maven package org.jenkins-ci.plugins:cloud-stats

Severity

Critical

Classification

CWE-78

Tags

Exploit Third Party Advisory