npm package
pidusage
pkg:npm/pidusage
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-16034 | cri | — | < 1.1.5 | 1.1.5 | Sep 1, 2020 | Affected versions of `pidusage` pass unsanitized input to `child_process.exec()`, resulting in arbitrary code execution in the `ps` method. This package is vulnerable to this PoC on Darwin, SunOS, FreeBSD, and AIX. Windows and Linux are not vulnerable. ## Proof of Concept `` | |
| CVE-2017-1000220 | Cri | 9.8 | < 1.1.5 | 1.1.5 | Nov 17, 2017 | soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution |
- affected < 1.1.5fixed 1.1.5
Affected versions of `pidusage` pass unsanitized input to `child_process.exec()`, resulting in arbitrary code execution in the `ps` method. This package is vulnerable to this PoC on Darwin, SunOS, FreeBSD, and AIX. Windows and Linux are not vulnerable. ## Proof of Concept ``
- affected < 1.1.5fixed 1.1.5
soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution