CVE-2021-23360

Name of the Vulnerable Software and Affected Versions killport versions prior to 1.0.2

Description The issue allows an attacker to execute arbitrary commands if attacker-controlled user input is given. This is due to the use of the child process exec function without input sanitization. For example, running a proof of concept will cause the command touch success to be executed, leading to the creation of a file called success.

Recommendations For versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue. As a temporary workaround, consider disabling the use of the child process exec function until a patch is available. Restrict access to user input to minimize the risk of exploitation. Avoid using unsanitized user input in the affected function until the issue is resolved.