Description
lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter.
Remediation
References
https://github.com/coreybutler/node-windows/compare/1.0.0-beta.5...1.0.0-beta.6
https://github.com/dwisiswant0/advisory/issues/4
https://security.netapp.com/advisory/ntap-20220107-0004/
Related Vulnerabilities
CVE-2023-30537 Vulnerability in maven package org.xwiki.platform:xwiki-platform-flamingo-theme-ui
CVE-2021-41183 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui
CVE-2020-26272 Vulnerability in maven package org.webjars.npm:electron
CVE-2020-36188 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2022-31129 Vulnerability in maven package org.webjars.bower:momentjs