Critical severity · GHSA Advisory · Published Sep 1, 2020 · Updated Sep 23, 2021
Command Injection in pidusage
CVE-2017-16034
Description
Affected versions of pidusage concatenate the caller-supplied pid into a command string passed to child_process.exec() without sanitizing it. Because exec() runs that string through a shell, shell metacharacters in the pid value are interpreted as additional commands, resulting in arbitrary command execution in the ps method.
This package is vulnerable to this PoC on Darwin, SunOS, FreeBSD, and AIX.
Windows and Linux are not vulnerable.
Proof of Concept

```javascript
// On Darwin, SunOS, FreeBSD and AIX the pid argument is concatenated into the
// shell command string handed to child_process.exec(), so the shell executes
// "ps ... -p 1 && /usr/local/bin/python" and launches python.
var pid = require('pidusage');
// The result callback fires after the injected command has already run.
pid.stat('1 && /usr/local/bin/python', function (err, stats) {});
```
Recommendation
Update to version 1.1.5 or later.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pidusage (npm) | < 1.1.5 | 1.1.5 |
References
- github.com/advisories/GHSA-hfq9-rfpv-j8r8 (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2017-16034 (NVD entry)
- www.npmjs.com/advisories/356 (npm advisory)