CVE-2024-43373
📋 TL;DR
CVE-2024-43373 is an arbitrary file write vulnerability in the webcrack JavaScript reverse engineering tool on Windows systems. Attackers can exploit path traversal with Windows separators when using unpack bundles with saving features to overwrite .js files, potentially hijacking Node.js modules for code execution. Users running webcrack on Windows with these features enabled are affected.
💻 Affected Systems
- webcrack
📦 What is this software?
Webcrack by J4k0xb
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via arbitrary code execution through hijacked Node.js modules, potentially leading to data theft, ransomware deployment, or persistent backdoors.
Likely Case
Local file system corruption, unauthorized file modifications, or limited code execution within the user context running webcrack.
If Mitigated
No impact if proper file permissions restrict write access to critical directories or if the vulnerable features are disabled.
🎯 Exploit Status
Exploitation requires crafting malicious JavaScript code that triggers the path traversal when processed by webcrack's unpack bundles feature with saving enabled.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.14.1
Vendor Advisory: https://github.com/j4k0xb/webcrack/security/advisories/GHSA-ccqh-278p-xq6w
Restart Required: No
Instructions:
1. Update webcrack using npm: 'npm update webcrack' or 'npm install webcrack@2.14.1'. 2. Verify the installed version is 2.14.1 or higher.
🔧 Temporary Workarounds
Disable saving feature
allAvoid using the saving feature when unpacking bundles from untrusted sources.
Use Linux/macOS
allRun webcrack on non-Windows systems where Windows path separators won't trigger the vulnerability.
🧯 If You Can't Patch
- Restrict webcrack usage to trusted, verified JavaScript code only.
- Run webcrack in isolated environments (sandboxes, containers) with restricted file system access.
🔍 How to Verify
Check if Vulnerable:
Check webcrack version: 'npm list webcrack' or 'webcrack --version'. If version is below 2.14.1 and running on Windows, the system is vulnerable.Check Version:
npm list webcrack | grep webcrackVerify Fix Applied:
Confirm version is 2.14.1 or higher using 'npm list webcrack' and test with known malicious input containing Windows path traversal sequences.📡 Detection & Monitoring
Log Indicators:
- Unusual file write attempts to system directories in webcrack logs
- Errors related to path traversal in unpack bundle operations
Network Indicators:
- None - this is a local file system vulnerability
SIEM Query:
Process execution logs showing webcrack with arguments containing suspicious path patterns (e.g., '..\\' sequences)