VYPR
Critical severity · GHSA Advisory · Published Sep 1, 2020 · Updated Sep 23, 2021

Command Injection in pidusage

CVE-2017-16034

Description

Affected versions of pidusage pass unsanitized input to child_process.exec(), resulting in arbitrary code execution in the ps method.

This package is vulnerable to this PoC on Darwin, SunOS, FreeBSD, and AIX.

Windows and Linux are not vulnerable.

Proof of Concept

```js
var pid = require('pidusage');
pid.stat('1 && /usr/local/bin/python');
```

Recommendation

Update to version 1.1.5 or later.
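
For code that shells out to `ps` in the same way, the following added example (not pidusage's code and not its 1.1.5 patch) validates the PID as a positive integer and hands it to `ps` through `execFile()` with an argument array, so no shell ever parses it. The names `parsePid` and `safeStat`, the injectable `run` parameter, and the `ps` options are assumptions made for illustration.

```javascript
// Added example, not pidusage's own code. parsePid/safeStat are hypothetical names.

// Accept only a positive decimal integer; anything carrying shell syntax is rejected.
function parsePid(input) {
  const text = String(input).trim();
  if (!/^[1-9][0-9]*$/.test(text)) {
    throw new TypeError('invalid pid: ' + JSON.stringify(text));
  }
  const pid = Number(text);
  if (!Number.isSafeInteger(pid)) {
    throw new RangeError('pid out of range');
  }
  return pid;
}

// Vulnerable shape, shown for contrast only and never executed here:
//   exec('ps -o pcpu,rss -p ' + pid, cb)
// exec() gives the whole string to a shell, so "&&" inside pid starts a second command.

// Hardened shape: validate first, then pass an argument array to execFile(),
// which starts ps directly with no shell to interpret metacharacters.
// `run` is injectable so the call can be checked without spawning a process.
function safeStat(input, callback, run = require('child_process').execFile) {
  let pid;
  try {
    pid = parsePid(input);
  } catch (err) {
    return callback(err);
  }
  // Assumed ps invocation: %CPU and RSS (KiB) of one process, headers suppressed.
  const args = ['-o', 'pcpu=', '-o', 'rss=', '-p', String(pid)];
  run('ps', args, (err, stdout) => {
    if (err) return callback(err);
    const [cpu, rssKiB] = String(stdout).trim().split(/\s+/).map(Number);
    if (!Number.isFinite(cpu) || !Number.isFinite(rssKiB)) {
      return callback(new Error('unexpected ps output'));
    }
    callback(null, { pid, cpu, memory: rssKiB * 1024 });
  });
}
```

Validation alone or `execFile()` alone would each block the string from the proof of concept; using both keeps the call safe if one of them is later loosened.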

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| pidusage (npm) | < 1.1.5 | 1.1.5 |
