VYPR
High severity · NVD Advisory · Published Jun 1, 2022 · Updated Aug 4, 2024

CVE-2021-34082

Description

OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

OS command injection in proctree npm package via `fix` function allows arbitrary command execution.

Vulnerability

allenhwkim proctree for Node.js, through version 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593, contains an OS command injection vulnerability. The fix function does not sanitize user input, allowing attackers to inject arbitrary OS commands [1][2].

Exploitation

An attacker can control the input to the fix function, which is then passed unsanitized to a shell command. This enables execution of arbitrary commands with the privileges of the Node.js process [2].

Impact

Successful exploitation results in remote code execution (RCE), leading to full system compromise, data theft, or further network attacks [1].

Mitigation

No fixed version has been released. The repository appears unmaintained. Users should avoid using the fix function with untrusted input or consider replacing the package [3][4].

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| proctree (npm) | <= 0.1.1 | |

Affected products: 3

Patches: 0

No patches discovered yet.

References: 4
