CVE-2021-34082: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

June 3, 2022

OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function.

References

advisory.checkmarx.net/advisory/CX-2021-4783
github.com/advisories/GHSA-cv76-rv4h-4mqc
github.com/allenhwkim/proctree/blob/master/index.js
nvd.nist.gov/vuln/detail/CVE-2021-34082

Code Behaviors & Features

Detect and mitigate CVE-2021-34082 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →