find-process is a find process info by port/pid/name etc.
Affected versions of this package are vulnerable to Command Injection. When getting the information by PID and port number, the user needs to inform a value, which is used in a concatenation of an OS command. There is no user input check to know if the PID or the port is a number, as such, an attacker may send a malicious string that will be interpreted as an OS command.
find-process to version 1.4.5 or higher.
- Snyk ID
- 01 Apr, 2021
- 25 Jun, 2021