CVE-2019-15599

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command...

GHSA-J7FQ-P9Q7-5WFV Treekill Enables OS Command Injection

A Code Injection exists in treekill and tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command. Steps To Reproduce: Create the following PoC file: js var kill = require'treekill'; kill'3333332 & echo "HACKED" HACKED.txt & '; Execut...

@angular-devkit/build-angular (>=0.8.8 <=0.900.0-rc.8), @apployees-nx/node (>=0.0.1 <=0.0.21) +188 more potentially affected by CVE-2019-15598 via tree-kill (>=0.0.6 <=1.2.1)

tree-kill NPM version =0.0.6, =0.8.8, =0.0.1, =0.0.1-alpha.1, =1.2.2, =6.0.0, =0.0.1, =0.0.1, =2.0.0-beta.22, =2.0.0-beta.1, =1.0.0, =0.0.1, =0.2.0, =7.0.2 and more Source cves: CVE-2019-15598 Source advisory: OSV:GHSA-J7FQ-P9Q7-5WFV...

GHSA-MXQ6-VRRR-PPMG Duplicate Advisory: tree-kill vulnerable to remote code execution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-884p-74jh-xrg2. Ths link is maintained to preserve external references. Original Description A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to contr...

@angular-devkit/build-angular (>=0.8.8 <=0.900.0-rc.8), @apployees-nx/node (>=0.0.1 <=0.0.21) +188 more potentially affected by CVE-2019-15599 via tree-kill (>=0.0.6 <=1.2.1)

tree-kill NPM version =0.0.6, =0.8.8, =0.0.1, =0.0.1-alpha.1, =1.2.2, =6.0.0, =0.0.1, =0.0.1, =2.0.0-beta.22, =2.0.0-beta.1, =1.0.0, =0.0.1, =0.2.0, =7.0.2 and more Source cves: CVE-2019-15599 Source advisory: OSV:GHSA-884P-74JH-XRG2...

Command Injection in tree-kill

Versions of tree-kill prior to 1.2.2 are vulnerable to Command Injection. The package fails to sanitize values passed to the kill function. If this value is user-controlled it may allow attackers to run arbitrary commands in the server. The issue only affects Windows systems. Recommendation Upgra...

GHSA-884P-74JH-XRG2 Command Injection in tree-kill

Versions of tree-kill prior to 1.2.2 are vulnerable to Command Injection. The package fails to sanitize values passed to the kill function. If this value is user-controlled it may allow attackers to run arbitrary commands in the server. The issue only affects Windows systems. Recommendation Upgra...

tree-kill code injection vulnerability (CNVD-2020-03698)

tree-kill is a package for killing processes in the process tree. A code injection vulnerability exists in tree-kill Windows. The vulnerability arises from a network system or product that does not properly filter specific elements of externally input data during the construction of a code segmen...

tree-kill code injection vulnerability (CNVD-2019-46973)

tree-kill is a package for killing processes in the process tree. A code injection vulnerability exists in tree-kill Windows. The vulnerability arises from a network system or product that does not properly filter specific elements of externally input data during the construction of a code segmen...

CVE-2019-15599

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command...

CVE-2019-15599

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command...

Command injection

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command...

CVE-2019-15599

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command...

CVE-2019-15599

The vulnerability CVE-2019-15599 affects the Windows component of the Node package tree-kill, where the input to the kill() function is not properly sanitized and is concatenated into an exec() call. This leads to remote code execution if an attacker provides controlled input. Public advisories c...

Command Injection

Overview Versions of tree-kill prior to 1.2.2 are vulnerable to Command Injection. The package fails to sanitize values passed to the kill function. If this value is user-controlled it may allow attackers to run arbitrary commands in the server. The issue only affects Windows systems...

Node.js third-party modules: [tree-kill] RCE via insecure command concatenation (only Windows)

I would like to report a RCE issue in the tree-kill module. It allows to execute arbitrary commands remotely inside the victim's PC Module module name: tree-kill version: 1.2.1 npm page: https://www.npmjs.com/package/tree-kill Module Description Kill all processes in the process tree, including t...