CVE-2021-23374

7.3 HIGH

📋 TL;DR

CVE-2021-23374 is a command injection vulnerability in the ps-visitor npm package that allows attackers to execute arbitrary commands on the host system. This occurs when untrusted user input is passed to the kill function, which uses child_process.exec without proper sanitization. All users of ps-visitor are affected.

💻 Affected Systems

Products:
  • ps-visitor
Versions: All versions
Operating Systems: All operating systems where Node.js runs
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists when the kill function receives attacker-controlled input. Applications that don't use this function or properly sanitize input may not be vulnerable.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining remote code execution, data exfiltration, and lateral movement capabilities.

🟠 Likely Case

Limited command execution within the application's context, potentially leading to data leakage or service disruption.

🟢 If Mitigated

No impact if input validation prevents untrusted data from reaching the vulnerable function.

🌐 Internet-Facing: HIGH if the application accepts user input that flows to the kill function and is exposed to the internet.
🏢 Internal Only: MEDIUM if the application is internal-only but processes untrusted input from internal users.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward if attacker-controlled input reaches the vulnerable function. No authentication required for the vulnerable code path.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None

Vendor Advisory: https://github.com/WisdomKwan/ps-visitor/security/advisories

Restart Required: No

Instructions:

No official patch exists. Remove ps-visitor from your dependencies and replace it with an alternative package, or implement the input validation workarounds below.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement strict input validation to ensure only trusted, expected values reach the kill function.

Replace child_process.exec with child_process.execFile

all

Modify the source code to use execFile instead of exec. execFile does not spawn a shell by default, so shell metacharacters in its arguments are not interpreted, which prevents command injection.
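The two workarounds above combined, as an added example that is not ps-visitor's code: the PID is validated against a strict allowlist, then passed to execFileSync as a separate argument so no shell parses it. The names parsePid, killArgv, safeKill and argvRoundTrip are hypothetical, the sample inputs are constructed, and a Unix `kill` binary is assumed.

```javascript
'use strict';
// Added example, not ps-visitor's code. parsePid, killArgv, safeKill and
// argvRoundTrip are hypothetical names; a Unix `kill` binary is assumed.
const { execFileSync } = require('node:child_process');

const SIGNALS = new Set(['TERM', 'KILL', 'INT', 'HUP']);

// Allowlist validation: a PID is 1-7 decimal digits with no sign, spaces or
// leading zero. Anything else is rejected rather than "cleaned up".
function parsePid(input) {
  // Reject arrays and objects up front: String(['1']) would otherwise pass.
  if (typeof input !== 'string' && typeof input !== 'number') {
    throw new TypeError('pid must be a string or number');
  }
  const text = String(input);
  if (!/^[1-9][0-9]{0,6}$/.test(text)) {
    throw new TypeError('pid must be a positive decimal integer');
  }
  return Number(text);
}

// Build the argument vector. Each element reaches the program as exactly
// one argv entry.
function killArgv(input, signal = 'TERM') {
  if (!SIGNALS.has(signal)) throw new TypeError('signal not allowed');
  return ['-s', signal, String(parsePid(input))];
}

// execFileSync runs the binary directly: no /bin/sh, no metacharacter parsing.
function safeKill(input, signal = 'TERM') {
  execFileSync('kill', killArgv(input, signal), { timeout: 5000 });
}

// Demonstration helper: send a value through execFileSync to a child Node
// process and return what the child received as its first argument.
function argvRoundTrip(value) {
  return execFileSync(
    process.execPath,
    ['-e', 'process.stdout.write(process.argv[1])', value],
    { encoding: 'utf8', timeout: 10000 }
  );
}

// Constructed sample inputs.
const SAMPLE_OK = '4242';
const SAMPLE_HOSTILE = '4242; echo injected';
```

Validation is what stops the hostile value; execFileSync is the second layer, delivering it as one literal argument if validation is ever bypassed.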

🧯 If You Can't Patch

  • Remove or disable functionality that uses the kill function with user input
  • Implement network segmentation and strict firewall rules to limit potential damage from exploitation

🔍 How to Verify

Check if Vulnerable:

Check package.json for ps-visitor dependency and review code to see if user input flows to the kill function.

Check Version:

npm list ps-visitor

Verify Fix Applied:

Verify ps-visitor is removed from dependencies and no user input reaches any kill function calls.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process spawns from Node.js application
  • Unexpected command execution patterns

Network Indicators:

  • Outbound connections from Node.js process to unexpected destinations

SIEM Query:

process.name:node AND (process.args:*kill* OR process.args:*exec*)
