pidusage@1.0.4 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the pidusage package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Arbitrary Command Injection (severity: High)

pidusage is a package that reports cross-platform process CPU % and memory usage for a PID. Affected versions of the package are vulnerable to Arbitrary Command Injection: the ps function passes user input to child_process.exec without sanitization and never casts the PID to an integer, so shell metacharacters in the supplied PID are executed as part of the command.

PoC:

var pid = require('pidusage');
pid.stat('1 && /usr/local/bin/python');

How to fix Arbitrary Command Injection?

Upgrade pidusage to version 1.1.5 or higher.

Vulnerable versions: <1.1.5