CVE-2021-34082

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to execute arbitrary operating system commands on systems running the vulnerable proctree Node.js package. Attackers can achieve remote code execution by exploiting improper input sanitization in the fix function. Any Node.js application using proctree versions through 0.1.1 or commit 0ac10ae575459457838f14e21d5996f2fa5c7593 is affected.

💻 Affected Systems

Products:
  • allenhwkim proctree
Versions: through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593
Operating Systems: Any OS running Node.js
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the server, allowing data theft, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Remote code execution leading to application compromise, data exfiltration, and potential privilege escalation on the host system.

🟢 If Mitigated

Limited impact with proper input validation and sandboxing, potentially only affecting the application's own data and processes.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in a publicly accessible function with minimal exploitation complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.1.2 or later

Vendor Advisory: https://github.com/allenhwkim/proctree/security/advisories

Restart Required: Yes

Instructions:

1. Update proctree package to version 0.1.2 or later using npm update proctree.
2. Restart the Node.js application.
3. Verify the fix by checking the package version.

🔧 Temporary Workarounds

Input Validation Wrapper

Platforms: all

Implement strict input validation before passing data to proctree functions

// Implement input validation in your application code before calling proctree functions

Process Sandboxing

Platforms: linux

Run Node.js application in a container or sandboxed environment

docker run -d --name app-container your-node-app

🧯 If You Can't Patch

  • Remove or disable proctree functionality from the application
  • Implement network segmentation and strict firewall rules to limit access to affected systems

🔍 How to Verify

Check if Vulnerable:

Check package.json or run npm list proctree to see if version is 0.1.1 or earlier

Check Version:

npm list proctree | grep proctree

Verify Fix Applied:

Verify proctree version is 0.1.2 or later using npm list proctree
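
The version check above, extended to transitive dependencies, as an added example that is not part of the original page or of the proctree project: it walks the JSON printed by npm ls --all --json and reports the dependency path to every proctree copy older than 0.1.2. The sample tree and the ops-helper package name are constructed for illustration.

```javascript
// Added example: locate every proctree copy below the fixed version in
// the dependency tree printed by `npm ls --all --json`.
const FIXED = [0, 1, 2]; // patch version stated on this page (0.1.2)

// Parse "x.y.z" (ignoring any pre-release or build suffix) into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v || ""));
  return m ? m.slice(1).map(Number) : null;
}

// True when the version is older than 0.1.2.
function isVulnerable(version) {
  const p = parseVersion(version);
  if (!p) return true; // unparseable or missing version: fail closed, flag for review
  for (let i = 0; i < 3; i++) {
    if (p[i] !== FIXED[i]) return p[i] < FIXED[i];
  }
  return false; // exactly 0.1.2
}

// Walk the tree recursively, recording the path to each affected proctree.
function findVulnerableProctree(tree, path = [tree.name || "(root)"], out = []) {
  for (const [name, dep] of Object.entries(tree.dependencies || {})) {
    const here = path.concat(`${name}@${dep.version}`);
    if (name === "proctree" && isVulnerable(dep.version)) {
      out.push({ version: dep.version, path: here.join(" > ") });
    }
    findVulnerableProctree(dep, here, out);
  }
  return out;
}

// Constructed sample of `npm ls --all --json` output; "ops-helper" is hypothetical.
const sampleTree = {
  name: "demo-app",
  version: "1.0.0",
  dependencies: {
    proctree: { version: "0.1.2" }, // direct dependency, already patched
    "ops-helper": {
      version: "2.3.0",
      dependencies: { proctree: { version: "0.1.1" } }, // nested, still affected
    },
  },
};

for (const hit of findVulnerableProctree(sampleTree)) console.log(hit.path);
```

To run it against a real project, save the output of npm ls --all --json to a file and pass the parsed JSON to findVulnerableProctree.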

📡 Detection & Monitoring

Log Indicators:

  • Unusual process spawns from Node.js application
  • Suspicious command execution patterns
  • Error logs showing failed command execution attempts

Network Indicators:

  • Unexpected outbound connections from Node.js process
  • Command and control traffic patterns

SIEM Query:

process.name:node.exe AND process.cmdline:*proctree* AND (process.cmdline:*cmd* OR process.cmdline:*powershell* OR process.cmdline:*bash*)
