PT-2022-17431 · Npm · @Pendo324/Get-Process-By-Name
Feng Xiao +1 · Published 2022-08-29 · Updated 2023-08-08 · CVE-2022-25644
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
@pendo324/get-process-by-name, all versions
Description
The issue is arbitrary code execution caused by improper sanitization in the getProcessByName function. This allows for potential code execution without proper validation.
Recommendations
For all versions, consider disabling the getProcessByName function until a patch is available to prevent potential arbitrary code execution. Restrict access to this function to minimize the risk of exploitation.
Exploit
Fix
Code Injection
Affected Products
@Pendo324/Get-Process-By-Name