Vulnerability Description
This affects the package kill-by-port before 0.0.2. If (attacker-controlled) user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
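An added example, not code from kill-by-port or its patch: one way to avoid the flaw described above is to validate the port strictly and hand it to `execFile` as an argument-vector element, so no shell ever parses it. The names `parsePort`, `lsofArgs`, `killByPortSafe` and `accepted`, and the use of `lsof` to find the owning process, are assumptions for illustration.

```javascript
'use strict';
const { execFile } = require('child_process');

// Accept only a decimal port in 1..65535; anything else throws.
function parsePort(input) {
  const text = typeof input === 'number' ? String(input) : input;
  if (typeof text !== 'string' || !/^[0-9]{1,5}$/.test(text)) {
    throw new TypeError('port must be a decimal integer');
  }
  const port = Number(text);
  if (port < 1 || port > 65535) {
    throw new RangeError('port must be in 1..65535');
  }
  return port;
}

// Build the argument vector for execFile; each element reaches lsof
// verbatim, with no shell interpretation of metacharacters.
function lsofArgs(input) {
  return ['-t', '-i', `:${parsePort(input)}`];
}

// Hypothetical hardened function: list PIDs bound to the port, then signal them.
// lsof exits non-zero when nothing matches, which surfaces here as err.
function killByPortSafe(input, callback) {
  execFile('lsof', lsofArgs(input), (err, stdout) => {
    if (err) return callback(err, []);
    const pids = stdout.split('\n').filter((l) => /^[0-9]+$/.test(l)).map(Number);
    for (const pid of pids) process.kill(pid, 'SIGKILL');
    callback(null, pids);
  });
}

// Return the subset of (constructed) sample inputs that pass validation.
function accepted(samples) {
  return samples.filter((s) => {
    try { parsePort(s); return true; } catch { return false; }
  });
}

// Constructed sample inputs, including strings carrying shell metacharacters.
const SAMPLES = ['3000', 8080, '3000; echo x', '$(id)', '', '0', '70000', ' 80', '80\n', 3000.5];
console.log(accepted(SAMPLES));
```

Validation and the argument vector are independent layers: the allow-list rejects malformed input early, and `execFile` keeps any value that does get through from being interpreted as shell syntax.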
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kill-By-Port Project | Kill-By-Port | < 0.0.2 |
Related Weaknesses (CWE)
References
- https://github.com/GuyMograbi/kill-by-port/blob/16dcbe264b6b4a5ecf409661b42836dd (Broken Link)
- https://github.com/GuyMograbi/kill-by-port/commit/ea5b1f377e196a4492e05ff070eba8 (Patch, Third Party Advisory)
- https://snyk.io/vuln/SNYK-JS-KILLBYPORT-1078531 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-23363?
CVE-2021-23363 is a vulnerability with a CVSS score of 6.3 (MEDIUM). This affects the package kill-by-port before 0.0.2. If (attacker-controlled) user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due t...
How severe is CVE-2021-23363?
CVE-2021-23363 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-23363?
Check the references section above for vendor advisories and patch information. Affected products include: Kill-By-Port Project Kill-By-Port.