CVE-2019-10783 – lsof
Package
Manager: npm
Name: lsof
Vulnerable Version: >=0 <=0.0.4
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.03665 (percentile 0.87422)
Details
OS Command Injection in lsof
All versions of the lsof npm module, up to and including 0.0.4, are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.
Metadata
Created: 2021-04-13T15:17:53Z
Modified: 2021-03-29T22:11:57Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-whq6-mj2r-mjqc/GHSA-whq6-mj2r-mjqc.json
CWE IDs: ["CWE-78"]
Alternative ID: GHSA-whq6-mj2r-mjqc
Finding: F404
Auto approve: 1