High severity · NVD Advisory · Published Apr 18, 2021 · Updated Sep 16, 2024
Arbitrary Command Injection
CVE-2021-23379
Description
This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
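The pattern named in the description, shown beside a hardened form, as an added example that is not portkiller's code. The function names, the `lsof` command line and the sample input are assumptions chosen for illustration.

```javascript
// Added example: hypothetical helper names, not taken from the portkiller source.
const { execFile } = require('node:child_process');

// Vulnerable pattern: input is spliced into a string that exec() hands to /bin/sh.
// Returned rather than executed, so the resulting shell line can be inspected.
function unsafeCommandLine(port) {
  return 'lsof -t -i :' + port;
}

// Strict allow-list: decimal digits only, within the valid port range.
function parsePort(input) {
  const text = String(input);
  if (!/^[0-9]{1,5}$/.test(text)) {
    throw new TypeError('port must be 1-5 decimal digits');
  }
  const port = Number(text);
  if (port < 1 || port > 65535) {
    throw new RangeError('port out of range: ' + port);
  }
  return port;
}

// Hardened form: validate first, then pass an argv array to execFile(),
// which starts the program directly with no shell to interpret metacharacters.
function pidsOnPort(input, callback) {
  let port;
  try {
    port = parsePort(input);
  } catch (err) {
    return callback(err);
  }
  execFile('lsof', ['-t', '-i', ':' + port], (err, stdout) => {
    // lsof exits 1 when nothing matches; treat that as an empty result.
    if (err && err.code !== 1) return callback(err);
    const pids = String(stdout).split('\n').filter(Boolean).map(Number);
    callback(null, pids);
  });
}

// Constructed input carrying a shell command separator.
const constructed = '8080; echo injected';
console.log(unsafeCommandLine(constructed)); // a shell would parse this as two commands
pidsOnPort(constructed, (err) => console.log('rejected:', err.message));
```

Validation and `execFile()` are complementary: the allow-list rejects malformed input early, and the argv array keeps any value that does get through from being parsed by a shell.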
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| portkiller (npm) | <= 1.0.3 | — |
Affected products
- portkiller/portkiller
References
- github.com/advisories/GHSA-r6fw-8m27-43c9 (advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-23379 (advisory)
- github.com/indatawetrust/portkiller/blob/f1f1c5076d9c5d60e8dd3930e98d665d8191aa7a/index.js%23L10
- snyk.io/vuln/SNYK-JS-PORTKILLER-1078537
- www.npmjs.com/package/portkiller