WS-2020-0005 - High Severity Vulnerability
Vulnerable Library - tree-kill-1.2.1.tgz
kill trees of processes
Library home page: https://registry.npmjs.org/tree-kill/-/tree-kill-1.2.1.tgz
Path to dependency file: /tmp/ws-scm/labs-air/ui/IoTCloudStarter/package.json
Path to vulnerable library: /tmp/ws-scm/labs-air/uiupgrade/IoTCloudStarter/node_modules/tree-kill/package.json,/tmp/ws-scm/labs-air/uiupgrade/IoTCloudStarter/node_modules/tree-kill/package.json
Dependency Hierarchy:
Found in HEAD commit: 2b36f19c6531f1a3964d83923e752838cd9d62cb
Vulnerability Details
A command injection vulnerability was found in tree-kill before 1.2.2. The package fails to sanitize values passed to the kill function. If this value is user-controlled, it may allow attackers to run arbitrary commands on the server. The issue only affects Windows systems.
Publish Date: 2020-01-15
URL: WS-2020-0005
CVSS 2 Score Details (7.5)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://hackerone.com/reports/701183
Release Date: 2020-01-15
Fix Resolution: tree-kill - 1.2.2