6.0.8
12 years ago
9 days ago
Known vulnerabilities in the pm2 package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
pm2 is a production process manager for Node.js applications with a built-in load balancer. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the function Note: This vulnerability is being verified and the advisory may be updated to reflect new information. How to fix Regular Expression Denial of Service (ReDoS)? A fix was pushed into the | * |
pm2 is a production process manager for Node.js applications with a built-in load balancer. Affected versions of this package are vulnerable to Command Injection. It is possible to execute arbitrary commands within the PoC by bl4de How to fix Command Injection? Upgrade | <4.3.0 |
pm2 is a production process manager for Node.js applications with a built-in load balancer. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands as part of user input in the PoC by bl4de How to fix Command Injection? Upgrade | <4.3.0 |