GHSA-whq6-mj2r-mjqc

Source

https://github.com/advisories/GHSA-whq6-mj2r-mjqc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-whq6-mj2r-mjqc/GHSA-whq6-mj2r-mjqc.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-whq6-mj2r-mjqc

Aliases

CVE-2019-10783

Published

2021-04-13T15:17:53Z

Modified

2026-03-13T21:56:37.172653Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

OS Command Injection in lsof

Details

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-29T22:11:57Z",
    "cwe_ids": [
        "CWE-78"
    ],
    "severity": "HIGH",
    "nvd_published_at": "2020-01-29T22:15:00Z"
}

References

Affected packages

npm / lsof

Package

Name: lsof; View open source insights on deps.dev
Purl: pkg:npm/lsof

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

0.0.4

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-whq6-mj2r-mjqc/GHSA-whq6-mj2r-mjqc.json"