Description
A command Injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://hackerone.com/reports/390848
Scores
CVSS v3
9.8
EPSS
0.0286
EPSS Percentile
85.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
CWE-78
Status
published
Products (2)
npm/ps
0 - 1.0.0npm
umbraengineering/ps
< 1.0.0
Published
Sep 07, 2018
Tracked Since
Feb 18, 2026