PT-2021-15460 · Unknown · Portkiller

Omnitaint · Published 2021-03-18 · Updated 2022-07-12 · CVE-2021-23359

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

port-killer, all versions

Description

The issue allows an attacker to execute arbitrary commands if attacker-controlled user input is given. The cause is the use of the child process exec function without input sanitization. For example, running a proof of concept causes the command touch success to be executed, which creates a file called success.

Recommendations

For all versions, consider disabling the use of the child process exec function until a patch is available. Restrict access to user input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
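One way to apply both recommendations in Node.js, as an added example that is not port-killer's own code: the port is validated as a plain decimal integer, and the process lookup uses execFile with an argument array instead of exec with a command string. The function names are hypothetical, and the use of lsof to find the listening process is an assumption.

```javascript
'use strict';
const { execFile } = require('node:child_process');

// Accept only a canonical decimal TCP port (1-65535). Anything else is
// rejected before it can reach a process-spawning call.
function parsePort(input) {
  if (typeof input !== 'string' && typeof input !== 'number') {
    throw new TypeError('port must be a string or a number');
  }
  const text = String(input);
  if (!/^[1-9][0-9]{0,4}$/.test(text)) {
    throw new TypeError('port must be a plain decimal integer');
  }
  const port = Number(text);
  if (port > 65535) throw new RangeError('port must be 1-65535');
  return port;
}

// Build an argument vector rather than a command string: execFile() passes
// each element to the program as-is, with no shell in between.
function lsofArgs(input) {
  return ['-t', '-i', `tcp:${parsePort(input)}`];
}

// Hypothetical hardened kill-by-port routine (assumes lsof is installed).
function killPort(input, callback) {
  let args;
  try { args = lsofArgs(input); } catch (err) { return callback(err); }
  execFile('lsof', args, (err, stdout) => {
    if (err) return callback(err); // lsof exits non-zero when nothing matches
    const pids = stdout.split('\n').filter(Boolean).map(Number);
    for (const pid of pids) {
      try { process.kill(pid, 'SIGTERM'); } catch (e) { /* already exited */ }
    }
    callback(null, pids);
  });
}

// True when the validator accepts the value; handy for unit tests.
function isAcceptedPort(input) {
  try { parsePort(input); return true; } catch (e) { return false; }
}
```

Validation and the argument array are independent layers: either one alone keeps a value with shell metacharacters from being interpreted as a command.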

Exploit

Command Injection

RCE

OS Command Injection


Weakness Enumeration

Related Identifiers

CVE-2021-23359
GHSA-2548-Q746-X5X6

Affected Products

Portkiller