High severity · OSV Advisory · Published Mar 21, 2021 · Updated Sep 17, 2024
Arbitrary Command Injection
CVE-2021-23360
Description
This affects the package killport before 1.0.2. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success.
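The description attributes the flaw to passing unsanitized input to the child_process exec function, which hands its whole argument string to a shell. The following is an added example, not killport's code or its 1.0.2 patch: it validates the port as an integer and uses execFile with an argument array so no shell parses the value. The function names and the use of lsof as the lookup tool are assumptions.

```javascript
const { execFile } = require('node:child_process');

// Accept a port only if it is a plain decimal integer in 1..65535.
// A string such as "8080; touch success" (constructed sample) fails here
// and never reaches any process-spawning call.
function parsePort(input) {
  const text = typeof input === 'number' ? String(input) : input;
  if (typeof text !== 'string' || !/^[0-9]{1,5}$/.test(text)) {
    throw new TypeError('port must be a decimal integer');
  }
  const port = Number(text);
  if (port < 1 || port > 65535) {
    throw new RangeError('port must be between 1 and 65535');
  }
  return port;
}

// Arguments travel as an array, so each one reaches lsof verbatim.
// Assumption: lsof is the lookup tool; -t prints bare PIDs.
function lsofArgs(port) {
  return ['-t', '-i', `tcp:${port}`, '-sTCP:LISTEN'];
}

// Hypothetical replacement for an exec()-based kill-by-port helper.
function killByPort(input, callback) {
  let port;
  try {
    port = parsePort(input);
  } catch (err) {
    return callback(err);
  }
  execFile('lsof', lsofArgs(port), (err, stdout) => {
    // lsof exits with status 1 when nothing is listening on the port.
    if (err && err.code !== 1) return callback(err);
    const pids = String(stdout).split('\n').filter(Boolean).map(Number);
    const killed = [];
    for (const pid of pids) {
      try {
        process.kill(pid, 'SIGKILL');
        killed.push(pid);
      } catch (e) { /* process already exited or is not ours */ }
    }
    callback(null, killed);
  });
}
```

Validation alone or execFile alone would each stop the injection described here; using both keeps the helper safe if one layer is later changed.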
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| killport (npm) | < 1.0.2 | 1.0.2 |
References
- github.com/advisories/GHSA-fc42-h7q4-qp8h [ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2021-23360 [ADVISORY]
- github.com/ssnau/killport/blob/5268f23ea8f152e47182b263d8f7ef20c12a9f28/index.js%23L9 [WEB]
- github.com/ssnau/killport/commit/bec8e371f170a12e11cd222ffc7a6e1ae9942638 [WEB]
- snyk.io/vuln/SNYK-JS-KILLPORT-1078535 [WEB]