PT-2017-10916 · Soyuka · Pidusage

Published 2017-11-17 · Updated 2022-05-13 · CVE-2017-1000220

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
soyuka/pidusage versions 1.1.4 and earlier

Description
The issue allows command injection in the module, resulting in arbitrary command execution. Affected versions of pidusage pass unsanitized input to child_process.exec(), leading to arbitrary code execution in the ps method. This affects Darwin, SunOS, FreeBSD, and AIX; Windows and Linux are not vulnerable.

Recommendations
Update to version 1.1.5 or later. As a temporary workaround, avoid using the ps method of the pidusage module until the fix is applied. Restrict access to the child_process.exec() function to minimize the risk of exploitation.


Weakness Enumeration

OS Command Injection

Related Identifiers

CVE-2017-1000220
GHSA-H2P3-H48H-9JJ7

Affected Products

Pidusage