Node Windows
1 CVEs
product
Monthly
lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Microsoft
Node.js
Command Injection
Node Windows
NVD
GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2021-45459
npm
EPSS 4%
CVSS 9.8
CRITICAL
POC
PATCH
Act Now
lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Microsoft
Node.js
Command Injection
+1
NVD
GitHub