Moderate severity · GHSA Advisory · Published Apr 18, 2021 · Updated Sep 16, 2024

Arbitrary Command Injection

CVE-2021-23380

Description

This affects all versions of the package roar-pidusage. If attacker-controlled user input is passed to the stat function of this package on certain operating systems, an attacker can execute arbitrary commands. This is due to the use of the child_process exec function without input sanitization.
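The hardening pattern for this class of bug, as an added example that is not roar-pidusage's own code: validate each PID as a strict positive integer, then pass an argument vector to execFile so no shell ever parses the input. The helper names (parsePid, psArgs, parsePs) and the use of POSIX ps are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not code from roar-pidusage.
const { execFile } = require('child_process');

// A PID is a positive decimal integer; reject everything else before
// any process is spawned (allow-list, not escaping).
function parsePid(input) {
  if (typeof input === 'number') {
    if (!Number.isSafeInteger(input) || input <= 0) throw new TypeError('invalid pid');
    return input;
  }
  if (typeof input !== 'string' || !/^[1-9][0-9]{0,9}$/.test(input)) {
    throw new TypeError('invalid pid');
  }
  return Number(input);
}

// Build an argv array instead of a command string. Each "-o name="
// is a separate option so POSIX ps prints the columns without headers.
function psArgs(pids) {
  const list = (Array.isArray(pids) ? pids : [pids]).map(parsePid);
  if (list.length === 0) throw new TypeError('no pids given');
  return ['-o', 'pid=', '-o', 'pcpu=', '-o', 'rss=', '-p', list.join(',')];
}

// Turn the three whitespace-separated columns into objects.
function parsePs(stdout) {
  return stdout.split('\n').map((l) => l.trim()).filter(Boolean).map((l) => {
    const [pid, cpu, rss] = l.split(/\s+/);
    return { pid: Number(pid), cpu: Number(cpu), rss: Number(rss) };
  });
}

// Hardened stat(): execFile runs "ps" directly, with no shell involved,
// so metacharacters in the input are never interpreted.
function stat(pids, callback) {
  let args;
  try {
    args = psArgs(pids);
  } catch (err) {
    return callback(err);
  }
  execFile('ps', args, { timeout: 5000 }, (err, stdout) => {
    if (err) return callback(err);
    callback(null, parsePs(stdout));
  });
}
```

Validation and execFile are complementary: the allow-list keeps malformed values out of ps entirely, and the argv form means a validation gap still cannot reach a shell.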

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: roar-pidusage (npm)
Affected versions: <= 1.1.7
Patched versions: none listed
