This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2021-04-18T18:45:21.360448Z
Updated: 2024-09-16T16:23:56.215Z
Reserved: 2021-01-08T00:00:00
Link: CVE-2021-23380
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-04-18T19:15:12.873
Modified: 2024-11-21T05:51:36.580
Link: CVE-2021-23380
Redhat
No data.