CVE-2017-16042

9.8 CRITICAL

📋 TL;DR

CVE-2017-16042 is a critical command injection vulnerability in the Growl npm package that allows attackers to execute arbitrary commands on affected systems. The vulnerability occurs because user input is not properly sanitized before being passed to the exec() function. This affects any Node.js application using vulnerable versions of the Growl package for desktop notifications.

💻 Affected Systems

Products:
  • node-growl (Growl npm package)
Versions: All versions before 1.10.2
Operating Systems: All operating systems running Node.js
Default Config Vulnerable: ⚠️ Yes
Notes: Any Node.js application using the vulnerable growl package is affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining complete control over the server, allowing data theft, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Remote code execution leading to application compromise, data exfiltration, and potential privilege escalation on the host system.

🟢 If Mitigated

Limited impact if proper input validation and sandboxing are implemented, potentially restricting execution to non-privileged contexts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward as it involves passing malicious input to the vulnerable function. Public proof-of-concept code exists in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.10.2 and later

Vendor Advisory: https://github.com/tj/node-growl/issues/60

Restart Required: Yes

Instructions:

1. Update package.json to require "growl": ">=1.10.2".
2. Run 'npm update growl' or 'npm install growl@latest'.
3. Restart your Node.js application.

🔧 Temporary Workarounds

Input Validation Wrapper (all platforms)

Implement strict input validation and sanitization for all parameters passed to growl functions.

Package Removal (all platforms)

Remove the growl dependency if notification functionality is not essential:

npm uninstall growl

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected systems
  • Deploy application-level firewalls to monitor and block suspicious exec() calls

🔍 How to Verify

Check if Vulnerable:

Check package.json or run 'npm list growl' to see if version is below 1.10.2

Check Version:

npm list growl | grep growl

Verify Fix Applied:

Confirm growl version is 1.10.2 or higher with 'npm list growl'
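As an added example (not code from this advisory or from the node-growl project), the version check above automated for a whole dependency tree: it parses the JSON that 'npm ls growl --json --all' prints (a constructed sample is embedded so it runs offline) and flags every copy of growl older than 1.10.2, including transitive copies pulled in by other packages, which a glance at package.json misses. It assumes npm 7 or later, where '--all' is needed to list nested dependencies.

```javascript
// Added example, not part of the advisory or node-growl: find every copy of
// growl in an `npm ls growl --json --all` tree and compare it with the fix.
const FIXED = '1.10.2'; // first fixed version per the advisory

// Numeric compare of dotted versions (pre-release suffix ignored): -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Recursively walk the nested "dependencies" objects and record each growl.
function findGrowl(node, path, out) {
  const deps = (node && node.dependencies) || {};
  for (const [name, info] of Object.entries(deps)) {
    const here = path.concat(name);
    if (name === 'growl' && info.version) {
      out.push({
        path: here.join(' > '),
        version: info.version,
        vulnerable: compareVersions(info.version, FIXED) < 0,
      });
    }
    findGrowl(info, here, out); // growl may itself be nested deeper
  }
  return out;
}

// Takes the raw JSON text from `npm ls growl --json --all`.
function checkNpmLs(json) {
  return findGrowl(JSON.parse(json), [], []);
}

// Constructed sample output: a fixed direct copy plus a vulnerable
// transitive copy brought in by an older test framework.
const SAMPLE = JSON.stringify({
  name: 'demo-app',
  version: '1.0.0',
  dependencies: {
    growl: { version: '1.10.3' },
    mocha: { version: '3.5.3', dependencies: { growl: { version: '1.9.2' } } },
  },
});

for (const r of checkNpmLs(SAMPLE)) {
  console.log(`${r.vulnerable ? 'VULNERABLE' : 'ok'}  ${r.path} @ ${r.version}`);
}
```

To run it against a real project, pipe the command output into checkNpmLs instead of SAMPLE; any entry marked VULNERABLE needs the package that pulls it in updated, not only the top-level growl.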

📡 Detection & Monitoring

Log Indicators:

  • Unusual process executions from Node.js applications
  • Suspicious command-line arguments in system logs

Network Indicators:

  • Unexpected outbound connections from Node.js processes

SIEM Query:

process.name:node AND cmdline:*growl* AND (cmdline:*;* OR cmdline:*&* OR cmdline:*|*)
