kill-port@1.2.0

Vulnerabilities

1 via 1 paths

Dependencies

16

Source

npm

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity

Arbitrary Command Injection

  • Vulnerable module: kill-port
  • Introduced through: kill-port@1.2.0

Detailed paths

  • Introduced through: kill-port@1.2.0
    Remediation: Upgrade to kill-port@1.3.2.

Overview

kill-port Kills the process running on given port.

Affected versions of this package are vulnerable to Arbitrary Command Injection. If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module.

Remediation

Upgrade kill-port to version 1.3.2 or higher.

References