Arbitrary Command Injection

This affects all versions of package kill-process-by-name. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

N/A

Npm Kill-Process-By-Name 命令注入漏洞

Npm Kill-Process-By-Name是美国 （Npm）公司的一个应用软件。使用程序名杀死程序的所有进程。。 kill-process-by-name 存在安全漏洞，攻击者可利用该漏洞执行任意命令。

N/A

N/A