find process info by port/pid/name etc.
latest non vulnerable version
8 years ago
latest version published
2 years ago
Known vulnerabilities in the find-process package. This does not include vulnerabilities belonging to this package’s dependencies.Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
find-process is a find process info by port/pid/name etc.
Affected versions of this package are vulnerable to Command Injection. When getting the information by PID and port number, the user needs to inform a value, which is used in a concatenation of an OS command. There is no user input check to know if the PID or the port is a number, as such, an attacker may send a malicious string that will be interpreted as an OS command.
How to fix Command Injection?