Homepage
About Snyk

port-killer@1.0.0 vulnerabilities

Kills the process running on a given port (assuming you have permission to do so)

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the port-killer package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Arbitrary Command Injection

port-killer is a Kills the process running on a given port (assuming you have permission to do so)

Affected versions of this package are vulnerable to Arbitrary Command Injection. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.

Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success.

PoC (provided by reporter):

var port_killer = require('port-killer');

port_killer('$(touch success)');

How to fix Arbitrary Command Injection?

There is no fixed version for port-killer.

*
Go back to all versions of this package