VulnerableCode Package Details - pkg:npm/pidusage@1.0.7

Search for packages

Vulnerability	Summary	Fixed by
VCID-6zte-e3ar-gua9 Aliases: CVE-2017-1000220 GHSA-h2p3-h48h-9jj7	PIDUsage Enables OS Command Injection ### Overview Affected versions of pidusage pass unsanitized input to `child_process.exec()`, resulting in arbitrary code execution in the `ps` method. This package is vulnerable to this PoC on Darwin, SunOS, FreeBSD, and AIX. Windows and Linux are not vulnerable. ### Proof of Concept ```js var pid = require('pidusage'); pid.stat('1 && /usr/local/bin/python'); ``` ### Remediation Update to version 1.1.5 or later.	1.1.5 Affected by 0 other vulnerabilities.
VCID-ba2z-xjzy-xbep Aliases: CVE-2017-16034 GHSA-hfq9-rfpv-j8r8 GMS-2020-757	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in pidusage.	1.1.5 Affected by 0 other vulnerabilities.
VCID-zqxw-jzqq-akfw Aliases: GMS-2017-137	Command Injection The pidusage module passes unsanitized input to child_process.exec, resulting in command injection in the ps method, as the pid is never cast to an integer as the comment expects. This module is vulnerable to this PoC on Darwin, SunOS, FreeBSD, and AIX. Windows and Linux are not vulnerable.	1.1.5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6zte-e3ar-gua9
Aliases:
CVE-2017-1000220
GHSA-h2p3-h48h-9jj7

PIDUsage Enables OS Command Injection ### Overview Affected versions of pidusage pass unsanitized input to `child_process.exec()`, resulting in arbitrary code execution in the `ps` method. This package is vulnerable to this PoC on Darwin, SunOS, FreeBSD, and AIX. Windows and Linux are not vulnerable. ### Proof of Concept ```js var pid = require('pidusage'); pid.stat('1 && /usr/local/bin/python'); ``` ### Remediation Update to version 1.1.5 or later.

1.1.5
Affected by 0 other vulnerabilities.

VCID-ba2z-xjzy-xbep
Aliases:
CVE-2017-16034
GHSA-hfq9-rfpv-j8r8
GMS-2020-757

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in pidusage.

1.1.5
Affected by 0 other vulnerabilities.

VCID-zqxw-jzqq-akfw
Aliases:
GMS-2017-137

Command Injection The pidusage module passes unsanitized input to child_process.exec, resulting in command injection in the ps method, as the pid is never cast to an integer as the comment expects. This module is vulnerable to this PoC on Darwin, SunOS, FreeBSD, and AIX. Windows and Linux are not vulnerable.

1.1.5
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T01:46:54.550982+00:00	GitLab Importer	Affected by	VCID-6zte-e3ar-gua9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/pidusage/CVE-2017-1000220.yml	38.6.0
2026-06-04T20:35:07.465285+00:00	GitLab Importer	Affected by	VCID-ba2z-xjzy-xbep	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/pidusage/GMS-2020-757.yml	38.6.0
2026-06-04T20:08:09.403137+00:00	GitLab Importer	Affected by	VCID-zqxw-jzqq-akfw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/pidusage/GMS-2017-137.yml	38.6.0