CVE-2019-10783

9.8 CRITICAL

📋 TL;DR

CVE-2019-10783 is a critical command injection vulnerability in the lsof npm module that allows attackers to execute arbitrary commands on affected systems. The vulnerability affects all versions up to and including 0.0.4 because the package uses the exec() function without proper input validation. Any application using this vulnerable npm module is at risk.

💻 Affected Systems

Products:
  • lsof npm module
Versions: All versions up to and including 0.0.4
Operating Systems: All operating systems running Node.js
Default Config Vulnerable: ⚠️ Yes
Notes: Any Node.js application that imports and uses the vulnerable lsof module is affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with remote code execution, allowing attackers to install malware, exfiltrate data, or pivot to other systems.

🟠 Likely Case

Local privilege escalation or remote code execution depending on how the module is used, potentially leading to data theft or service disruption.

🟢 If Mitigated

Limited impact if proper input validation and sandboxing are implemented, though the vulnerability still exists in the underlying module.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward as it involves injecting shell commands through user-controlled input to the module's methods.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.0.5 and later

Vendor Advisory: https://snyk.io/vuln/SNYK-JS-LSOF-543632

Restart Required: Yes

Instructions:

1. Update package.json to specify lsof version 0.0.5 or later.
2. Run 'npm update lsof' or 'npm install lsof@latest'.
3. Restart your Node.js application.

🔧 Temporary Workarounds

Input Validation and Sanitization

Applies to: all

Implement strict input validation and sanitization for all user inputs passed to lsof module methods.

Replace with Alternative Module

Applies to: all

Replace the vulnerable lsof module with a safer alternative that doesn't use exec() with user input.

npm uninstall lsof
npm install [alternative-package]

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all parameters passed to lsof module methods
  • Run the application with minimal privileges and in a sandboxed/containerized environment

🔍 How to Verify

Check if Vulnerable:

Check package.json or run 'npm list lsof' to see if version 0.0.4 or earlier is installed.

Check Version:

npm list lsof | grep lsof

Verify Fix Applied:

Run 'npm list lsof' and verify version is 0.0.5 or later, then test application functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns
  • Suspicious shell commands in application logs
  • Unexpected process creation

Network Indicators:

  • Unexpected outbound connections from Node.js processes
  • Command and control traffic patterns

SIEM Query:

process.name: "node" AND cmdline: "*lsof*" AND (cmdline: "*;*" OR cmdline: "*|*" OR cmdline: "*`*" OR cmdline: "*$(*")
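An added example, not code from this advisory or from the lsof package, covering the input-validation workaround above and the SIEM query: an allowlist check for the PID/port values an application hands to the module (assuming only such numeric values are ever passed), and the query's logic run over constructed process-creation events.

```javascript
// Allowlist check for values an application passes to a process-listing
// helper. Assumption: the application only ever needs PIDs or TCP ports,
// so anything but bare digits (";", "|", "`", "$(", spaces, paths) is
// rejected before it can reach a shell via exec().
function isSafeLsofArgument(value) {
  return typeof value === 'string' && /^[0-9]{1,7}$/.test(value);
}

// Local mirror of the advisory's SIEM query:
// process.name == "node" AND cmdline contains "lsof"
// AND cmdline contains one of ; | ` $(
const SHELL_METACHARS = [';', '|', '`', '$('];

function matchesSiemRule(event) {
  if (event.process !== 'node') return false;
  const cmd = event.cmdline || '';
  if (!cmd.includes('lsof')) return false;
  return SHELL_METACHARS.some((m) => cmd.includes(m));
}

// Constructed sample events (not real telemetry). Only the second and
// fourth should match: the third comes from a shell, not from node.
const SAMPLE_EVENTS = [
  { ts: '2024-01-01T10:00:00Z', process: 'node', cmdline: 'lsof -i :8080' },
  { ts: '2024-01-01T10:00:01Z', process: 'node', cmdline: 'lsof -p 1234; id' },
  { ts: '2024-01-01T10:00:02Z', process: 'bash', cmdline: 'lsof -p 1 | grep node' },
  { ts: '2024-01-01T10:00:03Z', process: 'node', cmdline: 'lsof -p $(id)' },
];

// Returns the timestamps of events that trip the rule, for triage.
function findSuspiciousEvents(events) {
  return events.filter(matchesSiemRule).map((e) => e.ts);
}

console.log(findSuspiciousEvents(SAMPLE_EVENTS));
```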
