VYPR

npm package

pidusage

pkg:npm/pidusage

Vulnerabilities (2)

  • CVE-2017-16034criSep 1, 2020
    affected < 1.1.5fixed 1.1.5

    Affected versions of `pidusage` pass unsanitized input to `child_process.exec()`, resulting in arbitrary code execution in the `ps` method. This package is vulnerable to this PoC on Darwin, SunOS, FreeBSD, and AIX. Windows and Linux are not vulnerable. ## Proof of Concept ``

  • CVE-2017-1000220CriNov 17, 2017
    affected < 1.1.5fixed 1.1.5

    soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution