Main Vulnerability Database Vulnerabilities #VU51826

Command Injection in killport - CVE-2021-23360

Published: March 31, 2021

Vulnerability identifier: #VU51826

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2021-23360

CWE-ID: CWE-77

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
killport

Software vendor:
ssnau

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation in the child_process exec function. A remote authenticated attacker can pass specially crafted data to the application and execute arbitrary commands on the target system.

Remediation

Install updates from vendor's website.

External links

https://github.com/ssnau/killport/blob/5268f23ea8f152e47182b263d8f7ef20c12a9f28/index.js%23L9
https://github.com/ssnau/killport/commit/bec8e371f170a12e11cd222ffc7a6e1ae9942638
https://snyk.io/vuln/SNYK-JS-KILLPORT-1078535

Command Injection in killport - CVE-2021-23360

Description

Remediation

External links

Please verify you're human