CVE-2019-10783
OS Command Injection in lsof
9.8
CRITICAL
CVSS 3.1
EPSS 3.7%
Description
All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.
How to fix CVE-2019-10783
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- npm/lsof—no fix listed
Is CVE-2019-10783 being exploited?
Low — EPSS is 3.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, <= 0.0.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |