Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23381 PUBLISHED: 2021-04-18 This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23374 PUBLISHED: 2021-04-18 This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23375 PUBLISHED: 2021-04-18 This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23376 PUBLISHED: 2021-04-18 This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23377 PUBLISHED: 2021-04-18 This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
User Rank: Author
8/19/2014 | 6:23:09 PM
@aws0513 - thanks for sharing your thoughts on the issue of sharing and access to sensitive data. I agree with you that we humans are the weak links in the chain. The need-to-know concept has been deployed successfully in the classified networks (albeit closed) using technology tools. The challenge we are faced with is the evolution of distributed public data repositories (cloud storage) and agile processes where access to data from anywhere, any device and anytime is key to the success of businesses. In fact, the "need to know" paradigm can be implemented, especially for cloud apps, using cloud app control solutions (also referred to as cloud access security brokers) that provide granular policy enforcement for activities that deal with sensitive data, like sharing.