EPSS Percentile: 74.8%
proctree is vulnerable to OS command injection. The getProcessTree function in index.js does not sanitize shell metacharacters, which allows attackers to execute arbitrary commands via the fix function.
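A hardened pattern for this class of bug, as an added example that is not proctree's code or its fix: validate the process ID strictly and pass it to `ps` as an argument vector with no shell in between. The names `parsePid`, `psArgs`, `lookupProcess` and `childSees` are hypothetical, and the assumption is that the untrusted input is a process ID.

```javascript
'use strict';
const { execFileSync } = require('child_process');

// Accept only a plain decimal PID. Anything else, including shell
// metacharacters such as ; | & $ and backticks, is rejected before
// any process is started.
function parsePid(input) {
  const text = String(input);
  if (!/^[1-9][0-9]{0,9}$/.test(text)) {
    throw new TypeError('invalid pid: ' + JSON.stringify(text));
  }
  return Number(text);
}

// Build an argument vector instead of a command string. Each element
// reaches the program as one argv entry; no shell parses it.
function psArgs(input) {
  return ['-o', 'pid=', '-o', 'ppid=', '-o', 'comm=',
          '-p', String(parsePid(input))];
}

// Hypothetical lookup: runs ps without a shell and parses the single row.
// execFileSync throws if ps exits non-zero (for example, no such PID).
function lookupProcess(input) {
  const out = execFileSync('ps', psArgs(input), { encoding: 'utf8' });
  const [pid, ppid, ...comm] = out.trim().split(/\s+/);
  return { pid: Number(pid), ppid: Number(ppid), comm: comm.join(' ') };
}

// Defence in depth check: shows what a child started via execFile
// actually receives. The value comes back byte for byte, so
// metacharacters in it were never interpreted.
function childSees(value) {
  return execFileSync(
    process.execPath,
    ['-e', 'process.stdout.write(process.argv[1])', value],
    { encoding: 'utf8' }
  );
}

// Constructed sample input containing a shell metacharacter.
const SAMPLE = '1; echo INJECTED';
```

Validation and the shell-free call are independent controls: the first rejects `SAMPLE` outright, and the second keeps any value that does get through as a single literal argument.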
advisory.checkmarx.net/advisory/CX-2021-4783
github.com/advisories/GHSA-cv76-rv4h-4mqc
github.com/allenhwkim/proctree/blob/master/index.js#L46