CVE-2023-27849

9.8 CRITICAL

📋 TL;DR

CVE-2023-27849 is a critical remote code execution vulnerability in rails-routes-to-json v1.0.0 that allows attackers to execute arbitrary commands on affected systems via the Node.js child_process module. Any application that depends on this vulnerable npm package version is affected, and a successful attacker can potentially gain full control of the server.

💻 Affected Systems

Products:
  • rails-routes-to-json
Versions: v1.0.0 only
Operating Systems: All operating systems running Node.js
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 1.0.0 is affected. The vulnerability exists in the package's core functionality.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal data, install malware, pivot to other systems, and maintain persistent access.

🟠 Likely Case

Attackers exploit the vulnerability to execute commands, potentially leading to data theft, service disruption, or cryptocurrency mining.

🟢 If Mitigated

With proper network segmentation and least privilege, impact is limited to the affected application container or service.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication, making internet-facing applications particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal applications are still vulnerable but require network access, reducing exposure compared to internet-facing systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is straightforward to exploit with publicly available details. No authentication is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.0.1

Vendor Advisory: https://www.npmjs.com/package/rails-routes-to-json

Restart Required: Yes

Instructions:

1. Update package.json to specify "rails-routes-to-json": "^1.0.1" (package.json is JSON, so the key and value must use double quotes).
2. Run 'npm update rails-routes-to-json'.
3. Restart your application server.
4. Verify the update with 'npm list rails-routes-to-json'.

🔧 Temporary Workarounds

Remove vulnerable package (Platforms: all)
  Uninstall the vulnerable package if it is not essential:
  npm uninstall rails-routes-to-json

Network isolation (Platforms: all)
  Restrict network access to affected applications

🧯 If You Can't Patch

  • Isolate the affected system from network access
  • Implement strict input validation and sanitization for all user inputs

🔍 How to Verify

Check if Vulnerable:

Check package.json or run 'npm list rails-routes-to-json' to see whether version 1.0.0 is installed

Check Version:

npm list rails-routes-to-json

Verify Fix Applied:

Run 'npm list rails-routes-to-json' and verify that the installed version is 1.0.1 or higher
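The verification steps above rely on reading 'npm list' output by eye, which is easy to get wrong when the package is pulled in transitively by another dependency. The following checker, an added example that is not part of this advisory or of the rails-routes-to-json project, walks the JSON tree produced by 'npm ls --json' (the '--json' flag is a real npm option) and reports every copy of rails-routes-to-json below the fixed version 1.0.1, including nested ones. The dependency tree embedded below is constructed sample data, and the package name "legacy-tool" in it is hypothetical.

```python
"""Find vulnerable rails-routes-to-json copies (CVE-2023-27849) in 'npm ls --json' output."""
import json

PACKAGE = "rails-routes-to-json"
FIXED = (1, 0, 1)  # first fixed release named in the advisory


def parse_version(version: str) -> tuple:
    """Turn '1.0.1' into (1, 0, 1); pre-release and build suffixes are dropped."""
    core = version.split("-")[0].split("+")[0]
    return tuple(int(part) for part in core.split("."))


def find_vulnerable(tree: dict, path: tuple = ()) -> list:
    """Recursively walk an 'npm ls --json' tree.

    Returns a list of (dependency path, version) for every copy of PACKAGE
    whose version sorts below FIXED. Transitive copies are found because
    each dependency entry may carry its own nested "dependencies" map.
    """
    hits = []
    for name, info in tree.get("dependencies", {}).items():
        here = path + (name,)
        version = info.get("version")
        if name == PACKAGE and version and parse_version(version) < FIXED:
            hits.append((" > ".join(here), version))
        hits.extend(find_vulnerable(info, here))
    return hits


def check_npm_ls(npm_ls_json: str) -> list:
    """Convenience wrapper: accepts the raw text of 'npm ls --json'."""
    return find_vulnerable(json.loads(npm_ls_json))


# Constructed sample: the app itself is patched, but a hypothetical
# transitive dependency still pins the vulnerable 1.0.0 release.
SAMPLE_NPM_LS = json.dumps({
    "name": "my-app",
    "version": "0.1.0",
    "dependencies": {
        "rails-routes-to-json": {"version": "1.0.1"},
        "legacy-tool": {
            "version": "2.3.0",
            "dependencies": {"rails-routes-to-json": {"version": "1.0.0"}},
        },
    },
})

if __name__ == "__main__":
    for dep_path, ver in check_npm_ls(SAMPLE_NPM_LS):
        print(f"VULNERABLE: {dep_path} @ {ver} (fix: >= 1.0.1)")
```

Pipe real output into it with 'npm ls rails-routes-to-json --json' to cover the transitive case that a quick glance at 'npm list' can miss.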

📡 Detection & Monitoring

Log Indicators:

  • Unusual child_process spawns
  • Suspicious command execution patterns
  • Unexpected system calls from Node.js process

Network Indicators:

  • Unexpected outbound connections from application server
  • Command and control traffic patterns

SIEM Query:

process.name:node AND process.args:*child_process* AND process.args:*exec*

🔗 References