Vulnerability Details CVE-2021-45459
lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.056
EPSS Ranking 89.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/coreybutler/node-windows/compare/1.0.0-beta.5...1.0.0-beta.6
- https://github.com/dwisiswant0/advisory/issues/4
- https://security.netapp.com/advisory/ntap-20220107-0004/
- https://github.com/coreybutler/node-windows/compare/1.0.0-beta.5...1.0.0-beta.6
- https://github.com/dwisiswant0/advisory/issues/4
- https://security.netapp.com/advisory/ntap-20220107-0004/
Products affected by CVE-2021-45459
-
cpe:2.3:a:node-windows_project:node-windows:0.0.1
-
cpe:2.3:a:node-windows_project:node-windows:0.0.2
-
cpe:2.3:a:node-windows_project:node-windows:0.1.0
-
cpe:2.3:a:node-windows_project:node-windows:0.1.1
-
cpe:2.3:a:node-windows_project:node-windows:0.1.10
-
cpe:2.3:a:node-windows_project:node-windows:0.1.11
-
cpe:2.3:a:node-windows_project:node-windows:0.1.12
-
cpe:2.3:a:node-windows_project:node-windows:0.1.13
-
cpe:2.3:a:node-windows_project:node-windows:0.1.14
-
cpe:2.3:a:node-windows_project:node-windows:0.1.2
-
cpe:2.3:a:node-windows_project:node-windows:0.1.4
-
cpe:2.3:a:node-windows_project:node-windows:0.1.5
-
cpe:2.3:a:node-windows_project:node-windows:0.1.6
-
cpe:2.3:a:node-windows_project:node-windows:0.1.7
-
cpe:2.3:a:node-windows_project:node-windows:0.1.9
-
cpe:2.3:a:node-windows_project:node-windows:1.0.0