Vulnerability Description
This affects all versions of the package roar-pidusage. If attacker-controlled user input is passed to the package's stat function on certain operating systems, an attacker can execute arbitrary commands. The cause is the use of the child_process exec function without input sanitization.
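The hardened pattern for the flaw described above, as an added example that is not code from roar-pidusage or from the advisory: the PID is validated as a decimal integer and handed to the process tool as an argument vector through execFile, so no shell parses it. The `ps` invocation, the function names, the PID bound and the sample inputs are assumptions made for illustration.

```javascript
// Added example, not roar-pidusage code. The ps command line, function names
// and MAX_PID are assumptions chosen for illustration.
const { execFile } = require("child_process");

const MAX_PID = 4194304; // assumed bound (Linux PID_MAX_LIMIT)

// Accept only a plain decimal integer in range; anything else is rejected.
function parsePid(input) {
  const text = String(input);
  if (!/^[0-9]{1,7}$/.test(text)) throw new TypeError("pid must be a decimal integer");
  const pid = Number(text);
  if (pid < 1 || pid > MAX_PID) throw new RangeError("pid out of range");
  return pid;
}

// Weak shape: the value is concatenated into a line that exec() would hand to a
// shell. Only the string is built here, to show what the shell would parse.
function unsafeCommandLine(pid) {
  return "ps -o pcpu,rss -p " + pid;
}

// Hardened shape: fixed program, argument vector, validated PID.
function psArgs(input) {
  return ["-o", "pcpu=", "-o", "rss=", "-p", String(parsePid(input))];
}

// execFile() starts ps directly, so no shell interprets any argument.
function statPid(input, callback) {
  let args;
  try {
    args = psArgs(input);
  } catch (err) {
    return callback(err);
  }
  execFile("ps", args, { timeout: 2000 }, (err, stdout) => {
    if (err) return callback(err);
    const [cpu, rssKb] = stdout.trim().split(/\s+/).map(Number);
    callback(null, { cpu, memory: rssKb * 1024 });
  });
}

// Constructed sample inputs: two valid PIDs and three values that must be refused.
for (const sample of [4242, "4242", "4242; echo injected", "42 43", -1]) {
  try {
    console.log(JSON.stringify(sample), "->", "ps " + psArgs(sample).join(" "));
  } catch (err) {
    console.log(JSON.stringify(sample), "-> rejected:", err.message);
  }
}
```

Validation alone or execFile alone each narrows the problem; together the value that reaches the operating system is always a canonical decimal PID in its own argv slot.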
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Roar-Pidusage Project | Roar-Pidusage | All versions |
Related Weaknesses (CWE)
References
- https://github.com/Svjard/pidusage/blob/772cd2bd675ff7b1244b6fe3d7541692b1b9e42c (Broken Link)
- https://snyk.io/vuln/SNYK-JS-ROARPIDUSAGE-1078528 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-23380?
CVE-2021-23380 is a vulnerability with a CVSS score of 5.6 (MEDIUM). This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to exec...
How severe is CVE-2021-23380?
CVE-2021-23380 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-23380?
Check the references section above for vendor advisories and patch information. Affected products include: Roar-Pidusage Project Roar-Pidusage.