EPSS
Percentile
86.2%
lsof is vulnerable to command injection. The vulnerability exists as the unvalidated value of port is used in cp.exec.
port
cp.exec
github.com/davglass/node-lsof/blob/628a457434031d321038ef4b39da72c519e2949e/lib/lsof.js#L37