Description
This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
Remediation
References
https://github.com/nrako/psnode/blob/076f623689e4506d3647505daca13b3f482e0c31/lib/index.js%23L59
https://snyk.io/vuln/SNYK-JS-PSNODE-1078543
Related Vulnerabilities
CVE-2021-21626 Vulnerability in maven package io.jenkins.plugins:warnings-ng
CVE-2023-29519 Vulnerability in maven package org.xwiki.platform:xwiki-platform-attachment-ui
CVE-2022-38900 Vulnerability in maven package org.webjars.npm:decode-uri-component
CVE-2020-7677 Vulnerability in npm package thenify
CVE-2018-3722 Vulnerability in maven package org.webjars.npm:merge-deep