{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T02:53:59.113","vulnerabilities":[{"cve":{"id":"CVE-2021-23363","sourceIdentifier":"report@snyk.io","published":"2021-03-30T15:15:15.480","lastModified":"2024-11-21T05:51:34.763","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"This affects the package kill-by-port before 0.0.2. If (attacker-controlled) user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization."},{"lang":"es","value":"Esto afecta al paquete kill-by-port versiones anteriores a 0.0.2. Si se proporciona una entrada de usuario (controlada por el atacante) para la función killByPort, es posible que un atacante ejecute comandos arbitrarios. Esto se debe al uso de la función exec child_process sin saneamiento de entrada."}],"metrics":{"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kill-by-port_project:kill-by-port:*:*:*:*:*:node.js:*:*","versionEndExcluding":"0.0.2","matchCriteriaId":"2B88295A-4BAB-4BDC-80AC-F35DF542DCF8"}]}]}],"references":[{"url":"https://github.com/GuyMograbi/kill-by-port/blob/16dcbe264b6b4a5ecf409661b42836dd286fd43f/index.js%23L8","source":"report@snyk.io","tags":["Broken Link"]},{"url":"https://github.com/GuyMograbi/kill-by-port/commit/ea5b1f377e196a4492e05ff070eba8b30b7372c4","source":"report@snyk.io","tags":["Patch","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-JS-KILLBYPORT-1078531","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/GuyMograbi/kill-by-port/blob/16dcbe264b6b4a5ecf409661b42836dd286fd43f/index.js%23L8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://github.com/GuyMograbi/kill-by-port/commit/ea5b1f377e196a4492e05ff070eba8b30b7372c4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-JS-KILLBYPORT-1078531","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}