CVE-2019-15599
📋 TL;DR
CVE-2019-15599 is a code injection vulnerability in the tree-kill npm package on Windows systems that allows remote code execution when an attacker can control command input. This affects any application using vulnerable versions of tree-kill on Windows. The vulnerability enables attackers to execute arbitrary commands with the privileges of the application using the package.
💻 Affected Systems
- tree-kill npm package
📦 What is this software?
Tree Kill by Tree Kill Project
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through remote code execution leading to data theft, ransomware deployment, or complete system takeover.
Likely Case
Application compromise allowing execution of arbitrary commands, potentially leading to lateral movement within the network.
If Mitigated
Limited impact through proper input validation and sandboxing, with only application-level compromise possible.
🎯 Exploit Status
Exploitation requires the attacker to control input passed to tree-kill functions. A public proof-of-concept exists on HackerOne.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.2 and later
Vendor Advisory: https://www.npmjs.com/advisories/1437
Restart Required: No
Instructions:
1. Update the tree-kill package to version 1.2.2 or later using 'npm update tree-kill'.
2. Verify the update with 'npm list tree-kill'.
3. Restart any applications using tree-kill.
🔧 Temporary Workarounds
Input Validation
Implement strict input validation for any data passed to tree-kill functions
Process Sandboxing
Run applications using tree-kill with reduced privileges or in sandboxed environments
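One way to apply the input-validation workaround above, as an added example that is not code from the advisory or from the tree-kill project: a wrapper that only forwards a process id to tree-kill once it has been checked to be a positive integer, so that strings carrying shell metacharacters, signs or fractions never reach the package. The tree-kill call signature `kill(pid, signal, callback)` is assumed; the kill function is injected (`killFn`) so the example runs without the package installed, and a constructed recording stand-in is used in place of the real one.

```javascript
// Added example (not from the advisory or the tree-kill project): validate a
// pid before it is handed to tree-kill. tree-kill's signature is assumed to be
// kill(pid, signal, callback); `killFn` is injected so this runs offline
// (pass require("tree-kill") in real use).

function validatePid(input) {
  // Accept numbers and plain decimal strings only; reject anything that could
  // carry shell metacharacters, whitespace, signs or fractions.
  if (typeof input === "number") {
    if (!Number.isInteger(input) || input <= 0) throw new TypeError(`invalid pid: ${input}`);
    return input;
  }
  if (typeof input === "string" && /^[1-9][0-9]*$/.test(input)) {
    return Number.parseInt(input, 10);
  }
  throw new TypeError(`invalid pid: ${JSON.stringify(input)}`);
}

// Signals the wrapper is willing to forward (an assumed allow-list).
const ALLOWED_SIGNALS = new Set(["SIGTERM", "SIGKILL", "SIGINT", "SIGHUP"]);

// Calls killFn(pid, signal, callback) only after validation; validation
// failures throw synchronously, before anything reaches the package.
function safeTreeKill(pidInput, signal = "SIGTERM", killFn) {
  const pid = validatePid(pidInput);
  if (!ALLOWED_SIGNALS.has(signal)) throw new TypeError(`unsupported signal: ${signal}`);
  return new Promise((resolve, reject) => {
    killFn(pid, signal, (err) => (err ? reject(err) : resolve(pid)));
  });
}

// Constructed stand-in for tree-kill that records the arguments it received
// instead of terminating anything.
function makeRecordingKill() {
  const calls = [];
  const killFn = (pid, signal, cb) => { calls.push({ pid, signal }); cb(null); };
  return { killFn, calls };
}

// Feeds constructed sample inputs through the wrapper and reports which
// ones were forwarded to the kill function and which were rejected.
function demo() {
  const { killFn, calls } = makeRecordingKill();
  const inputs = ["1234", 5678, "1234 & echo hi", "-1", "12.5", ""];
  const rejected = [];
  for (const input of inputs) {
    try { safeTreeKill(input, "SIGTERM", killFn); }
    catch (e) { rejected.push(input); }
  }
  return { forwarded: calls.map((c) => c.pid), rejected };
}

console.log(demo());
```

Only the two numeric inputs reach `killFn`; the other four are rejected by `validatePid` before the package is called, which is the property the workaround relies on.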
🧯 If You Can't Patch
- Implement strict input validation and sanitization for all user-controlled data passed to tree-kill
- Isolate affected applications in network segments with restricted outbound access
🔍 How to Verify
Check if Vulnerable:
Check package.json or run 'npm list tree-kill' to see whether the installed version is below 1.2.2
Check Version:
npm list tree-kill
Verify Fix Applied:
Verify tree-kill version is 1.2.2 or higher with 'npm list tree-kill'
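The version check above can be scripted rather than read by eye. The following is an added example, not code from the advisory or the tree-kill project: it parses the JSON that `npm list tree-kill --json` prints, walks the nested `dependencies` tree (a project may hold several copies of tree-kill under different dependants), and reports every copy still below the fixed release 1.2.2. The sample JSON is constructed so the example runs offline.

```javascript
// Added example (not from the advisory or the tree-kill project): flag every
// installed tree-kill below the fixed version 1.2.2 named in the advisory,
// using the shape of `npm list tree-kill --json` output.

const FIXED_VERSION = "1.2.2"; // first patched release per the advisory

// Split "1.2.1" into numeric parts; a prerelease/build suffix such as
// "1.2.2-beta.1" is stripped and ignored here.
function parseVersion(v) {
  const core = String(v).trim().replace(/^v/, "").split(/[-+]/)[0];
  const parts = core.split(".").map((p) => Number.parseInt(p, 10));
  if (parts.length !== 3 || parts.some((n) => Number.isNaN(n) || n < 0)) {
    throw new Error(`not a semver version: ${v}`);
  }
  return parts;
}

// Negative if a < b, zero if equal, positive if a > b (numeric, so
// 1.10.0 correctly sorts above 1.2.2).
function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

function isVulnerableVersion(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// Recursively collect every tree-kill version in the dependency tree.
function findTreeKillVersions(npmListJson, found = []) {
  const deps = npmListJson.dependencies || {};
  for (const [name, info] of Object.entries(deps)) {
    if (name === "tree-kill" && info.version) found.push(info.version);
    findTreeKillVersions(info, found);
  }
  return found;
}

// Returns the installed versions that are still below 1.2.2.
function vulnerableTreeKills(npmListJson) {
  return findTreeKillVersions(npmListJson).filter(isVulnerableVersion);
}

// Constructed sample shaped like `npm list tree-kill --json` output: one
// direct copy already at 1.2.2 and an older nested copy under another package.
const SAMPLE_NPM_LIST = {
  name: "example-app",
  dependencies: {
    "tree-kill": { version: "1.2.2" },
    "some-tool": {
      version: "3.0.0",
      dependencies: { "tree-kill": { version: "1.2.1" } },
    },
  },
};

const bad = vulnerableTreeKills(SAMPLE_NPM_LIST);
console.log(bad.length ? `vulnerable tree-kill versions: ${bad.join(", ")}` : "no vulnerable tree-kill found");
```

In a real project, replace `SAMPLE_NPM_LIST` with `JSON.parse` of the actual `npm list tree-kill --json` output; the nested copy is the case a quick glance at package.json misses, since only the direct dependency is listed there.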
📡 Detection & Monitoring
Log Indicators:
- Unusual process tree termination patterns
- Suspicious command execution from node.js processes
Network Indicators:
- Unexpected outbound connections from node.js applications
- Command and control traffic patterns
SIEM Query:
Process creation where parent process contains 'node' and command line contains unusual arguments or shell metacharacters