14 matches found
EUVD-2022-4302
Malicious code in bioql PyPI...
CVE-2019-15598
A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command...
GHSA-J7FQ-P9Q7-5WFV Treekill Enables OS Command Injection
A Code Injection exists in treekill and tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command. Steps To Reproduce: Create the following PoC file: var kill = require('treekill'); kill('3333332 & echo "HACKED" > HACKED.txt & '); Execut...
Treekill Enables OS Command Injection
A Code Injection exists in treekill and tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command. Steps To Reproduce: Create the following PoC file: var kill = require('treekill'); kill('3333332 & echo "HACKED" > HACKED.txt & '); Execut...
@balljs/cli (>=0.0.1 <=0.0.4), @getcronit/pylon-dev (>=1.0.0 <=1.0.6-canary-20251001082250.ccf97bac6ff6b3a3829e9c4cc040e2f03b7449eb) +9 more potentially affected by unknown CVE via treekill (>=0.0.0 <=1.0.0)
treekill NPM version =0.0.0, =0.0.1, =1.0.0, =0.0.34, =0.0.9-beta.1, =2.0.0, =1.0.1, =1.0.3 Source cves: unknown CVE Source advisory: OSV:GHSA-533P-G2HQ-QR26...
Command Injection in treekill
All versions of treekill are vulnerable to Command Injection. The package fails to sanitize values passed to the kill function. If this value is user-controlled it may allow attackers to run arbitrary commands in the server. The issue only affects Windows systems. Recommendation: No fix is current...
GHSA-533P-G2HQ-QR26 Command Injection in treekill
All versions of treekill are vulnerable to Command Injection. The package fails to sanitize values passed to the kill function. If this value is user-controlled it may allow attackers to run arbitrary commands in the server. The issue only affects Windows systems. Recommendation: No fix is current...
CVE-2019-15598
A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command...
CVE-2019-15598
A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command...
Command injection
A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command...
CVE-2019-15598
CVE-2019-15598 affects the treekill/tree-kill module. The issue is a code injection vulnerability on Windows caused by insecurely concatenating user input into a system command, enabling remote code execution when input is controlled. References and advisories (HackerOne PoC, GHSA-J7FQ-P9Q7-5WFV,...
CVE-2019-15598
A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command...
Command Injection
Overview: All versions of treekill are vulnerable to Command Injection. The package fails to sanitize values passed to the kill function. If this value is user-controlled it may allow attackers to run arbitrary commands in the server. The issue only affects Windows systems. Recommendation: No fix i...
Node.js third-party modules: [treekill] RCE via insecure command concatenation (only Windows)
I would like to report an RCE issue in the treekill module. It allows executing arbitrary commands remotely inside the victim's PC. Module: module name: treekill; version: 1.0.0; npm page: https://www.npmjs.com/package/treekill Module Description: treekill process and it's all children and child...