CVE-2021-23380
low-risk
Published 2021-04-18
This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
Do I need to act?
-
0.50% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.6/10
Medium
NETWORK
/ HIGH complexity
Affected Products (1)
Roar-Pidusage
Affected Vendors
References (4)
25
/ 100
low-risk
Severity
18/34 · Moderate
Exploitability
2/34 · Minimal
Exposure
5/34 · Minimal