VYPR

npm package

kill-port

pkg:npm/kill-port

Malware

2 malicious versions on record

One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.

Vulnerabilities (1)

  • CVE-2019-5414Mar 17, 2019
    affected < 1.3.2fixed 1.3.2

    If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2.