Moderate severity · GHSA Advisory · Published Apr 18, 2021 · Updated Sep 16, 2024
Arbitrary Command Injection
CVE-2021-23380
Description
This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
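An added example, not taken from roar-pidusage or from this advisory: one way a caller can guard a pid before it reaches any process-spawning code, combining strict validation with `execFile` so no shell is involved. The names `parsePid`, `psArgs`, `safeStat` and `classify`, and the `ps` command line, are assumptions made for illustration.

```javascript
const { execFile } = require('node:child_process');

// Pattern the advisory describes (illustrative, not the package's source):
//   exec('ps -o pcpu,rss -p ' + pid, cb)   // pid reaches a shell unchecked

// Accept only a positive decimal integer; reject everything else before
// any process is spawned.
function parsePid(input) {
  const text = typeof input === 'number' ? String(input) : input;
  if (typeof text !== 'string' || !/^[1-9][0-9]{0,9}$/.test(text)) {
    throw new TypeError('pid must be a positive decimal integer');
  }
  return Number(text);
}

// Build an argument vector. execFile hands it to ps without a shell, so
// metacharacters stay inert even if validation were ever bypassed.
function psArgs(pid) {
  return ['-o', 'pcpu=,rss=', '-p', String(parsePid(pid))];
}

// Hypothetical replacement for a stat(pid, callback) style call.
function safeStat(pid, callback) {
  let args;
  try {
    args = psArgs(pid);
  } catch (err) {
    return callback(err); // invalid input never reaches child_process
  }
  execFile('ps', args, { timeout: 2000 }, (err, stdout) => {
    if (err) return callback(err);
    const [cpu, rssKb] = stdout.trim().split(/\s+/).map(Number);
    callback(null, { cpu, memory: rssKb * 1024 });
  });
}

// Helper for checking a batch of constructed inputs against the validator.
function classify(inputs) {
  return inputs.map((value) => {
    try { parsePid(value); return 'accepted'; } catch { return 'rejected'; }
  });
}
```

Validation alone or `execFile` alone would each block the issue described here; using both keeps the call safe if one layer is later changed.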
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| roar-pidusage (npm) | <= 1.1.7 | — |
References
- github.com/advisories/GHSA-xfxf-qw26-hr33 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-23380 (ghsa, ADVISORY)
- github.com/Svjard/pidusage/blob/772cd2bd675ff7b1244b6fe3d7541692b1b9e42c/lib/stats.js%23L103 (ghsa, x_refsource_MISC, WEB)
- snyk.io/vuln/SNYK-JS-ROARPIDUSAGE-1078528 (ghsa, x_refsource_MISC, WEB)