Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23381 | PUBLISHED: 2021-04-18 | This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23374 | PUBLISHED: 2021-04-18 | This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23375 | PUBLISHED: 2021-04-18 | This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23376 | PUBLISHED: 2021-04-18 | This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23377 | PUBLISHED: 2021-04-18 | This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
User Rank: Apprentice
5/14/2017 | 6:53:40 AM
This statement is wrong.
Please, it is not OWASP as a foundation saying this. Project leaders are autonomous in deciding how to manage their projects; OWASP as a foundation only supervises that project leaders behave within a code of conduct and guidelines.
OWASP is a community and stands for OPEN; therefore, if you do not agree with something, JOIN US and come discuss it. As a contributor, you have all the power to influence the outcome of every single project, and the Top 10 is one of them.
Join the discussion and the list; even better, come to the OWASP SUMMIT 2017 in London, where Dave & Team will be there to discuss more about it.