Vulnerabilities > CVE-2022-25644 - Unspecified vulnerability in Get-Process-By-Name Project Get-Process-By-Name
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- https://github.com/pendo324/get-process-by-name-js/blob/34e8a279a94fa23acb13e302e9516ab1ea8d8731/index.js%23L27-L28
- https://github.com/pendo324/get-process-by-name-js/blob/34e8a279a94fa23acb13e302e9516ab1ea8d8731/index.js%23L27-L28
- https://security.snyk.io/vuln/SNYK-JS-PENDO324GETPROCESSBYNAME-2419094
- https://security.snyk.io/vuln/SNYK-JS-PENDO324GETPROCESSBYNAME-2419094