Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23381 | PUBLISHED: 2021-04-18 | This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23374 | PUBLISHED: 2021-04-18 | This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23375 | PUBLISHED: 2021-04-18 | This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23376 | PUBLISHED: 2021-04-18 | This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23377 | PUBLISHED: 2021-04-18 | This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
User Rank: Apprentice
12/15/2015 | 4:29:15 PM
Unfortunately, the idea that enterprises can "extend-the-perimeter" by establishing trust with users and devices doesn't work in the new outside-in world where all users are accessing internal company data and applications from the Internet. With exploits like the recent StageFright, the reality is we can never be sure that trust, once established, has not been compromised.