Homepage

pidusage@1.0.4 vulnerabilities

Cross-platform process cpu % and memory usage of a PID

  • latest version

    4.0.1

  • latest non vulnerable version

    4.0.1

  • first published

    11 years ago

  • latest version published

    5 months ago

  • licenses detected

  • View pidusage package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the pidusage package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Arbitrary Command Injection

    pidusage is a package for Cross-platform process cpu % and memory usage of a PID. Affected versions of the package are vulnerable to Arbitrary Command Injection. It passes user input to child_process.exec without sanitization, which causes a command injection vulnerability in the ps function due to never casting the PID to an integer.

    PoC:

    var pid = require('pidusage');
pid.stat('1 && /usr/local/bin/python');

    How to fix Arbitrary Command Injection?

    Upgrade pidusage to version 1.1.5 or higher.

    <1.1.5
    Go back to all versions of this package