Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdocTYtbWoyci1tanFj
OS Command Injection in lsof
All versions of the lsof npm module, up to and including 0.0.4, are vulnerable to Command Injection. Every exported method of the package uses the exec function to parse user input.
Permalink: https://github.com/advisories/GHSA-whq6-mj2r-mjqc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdocTYtbWoyci1tanFj
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 3 years ago
Updated: over 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-whq6-mj2r-mjqc, CVE-2019-10783
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10783
- https://snyk.io/vuln/SNYK-JS-LSOF-543632
- https://github.com/advisories/GHSA-whq6-mj2r-mjqc
Affected Packages
npm:lsof
Dependent packages: 18
Dependent repositories: 242
Downloads: 30,137 last month
Affected Version Ranges: <= 0.0.4
No known fixed version
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4