CVE-2019-5414
Command Injection vulnerability in kill-port (npm)
What is CVE-2019-5414 About?
The `kill-port` package, in versions prior to 1.3.2, is vulnerable to Command Injection. This allows attackers to execute arbitrary commands on the system if user input, such as a port number, is passed unsanitized to the `kill` function. Exploitation is straightforward given control over the affected input.
Affected Software
Technical Details
Versions of the kill-port package before 1.3.2 are affected by a Command Injection vulnerability. The kill function within the package does not properly validate its input, in particular the port number and other parameters. An attacker can craft malicious input containing operating system commands which, when passed to the kill function, is executed by the underlying system. This bypasses security measures and grants the attacker the ability to run arbitrary commands on the host machine where the kill-port package is being used.
What is the Impact of CVE-2019-5414?
Successful exploitation may allow attackers to execute arbitrary commands on the underlying system, leading to full system compromise, data theft, or service disruption.
What is the Exploitability of CVE-2019-5414?
Exploitation requires that an attacker can provide user-controlled input (e.g., port number) to the kill function of the kill-port package without proper validation. The complexity of crafting the malicious input is generally low. There are no authentication or privilege requirements beyond the ability to influence the input to the vulnerable function. Access can be remote if the application exposing the kill function is accessible over a network. Risk factors include applications that directly incorporate user input into system commands without sanitization, particularly in contexts where port numbers or similar parameters are configurable by users.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2019-5414?
Available Upgrade Options
- kill-port
- <1.3.2 → Upgrade to 1.3.2
What are Similar Vulnerabilities to CVE-2019-5414?
Similar Vulnerabilities: CVE-2019-15599, CVE-2019-10775, CVE-2020-7608, CVE-2020-14123, CVE-2021-23424
