It seems like it's been 120-day, has this disclosure not received a response from the vendor yet? Please make a decision in the next 2-day.
github-actionsbot
added
deadline
Disclosure deadline (120-day) reached & make a decision for disclosure
and removed
deadline
Disclosure deadline (120-day) reached & make a decision for disclosure
labels
Dec 4, 2021
Description
lib/cmd.jsin the node-windows package before1.0.0-beta.6for Node.js allows command injection via the PID parameter.CVE ID: CVE-2021-45459
Proof of Concept
Impact
This issue may lead to arbitrary command execution.
References
The text was updated successfully, but these errors were encountered: