CVE-2021-23355

Name of the Vulnerable Software and Affected Versions ps-kill versions all

Description The issue affects the ps-kill package, where an attacker can execute arbitrary commands if attacker-controlled user input is given to the kill function. This is due to the use of the child process exec function without input sanitization in the index.js file. A proof of concept (PoC) demonstrates this vulnerability by using the kill function with a malicious input, such as $(touch success), which can lead to arbitrary command execution.

Recommendations As a temporary workaround, consider disabling the kill function until a patch is available. Restrict access to the index.js file to minimize the risk of exploitation. Avoid using the child process exec function with unsanitized user input in the kill function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.