The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Node.js ts-process-promises: code execution via Command Injection

Synthesis of the vulnerability 

An attacker can use a vulnerability via Command Injection of Node.js ts-process-promises, in order to run code.
Vulnerable products: Nodejs Modules ~ not comprehensive.
Severity of this weakness: 2/4.
Creation date: 22/02/2021.
Références of this bulletin: NPM-1604, VIGILANCE-VUL-34638.

Description of the vulnerability 

An attacker can use a vulnerability via Command Injection of Node.js ts-process-promises, in order to run code.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This threat announce impacts software or systems such as Nodejs Modules ~ not comprehensive.

Our Vigil@nce team determined that the severity of this cybersecurity alert is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this security alert.

Solutions for this threat 

Node.js ts-process-promises: workaround.
A workaround is to disable Node.js ts-process-promises.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a systems vulnerabilities patch. The Vigil@nce vulnerability database contains several thousand vulnerabilities.