find-process@1.3.0 vulnerabilities
find process info by port/pid/name etc.
-
latest version
1.4.7
-
latest non vulnerable version
-
first published
9 years ago
-
latest version published
3 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the find-process package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
find-process is a find process info by port/pid/name etc. Affected versions of this package are vulnerable to Command Injection. When getting the information by PID and port number, the user needs to inform a value, which is used in a concatenation of an OS command. There is no user input check to know if the PID or the port is a number, as such, an attacker may send a malicious string that will be interpreted as an OS command. How to fix Command Injection? Upgrade |
<1.4.5
|