CVE-2019-15598

Name of the Vulnerable Software and Affected Versions treekill (affected versions not specified) tree-kill (affected versions not specified)

Description A Code Injection issue exists in treekill and tree-kill on Windows, allowing remote code execution when an attacker controls the input into the command. This can be exploited by creating a Proof of Concept (PoC) file that utilizes the treekill module to execute malicious commands.

Recommendations For treekill, consider disabling the kill function until a patch is available. For tree-kill, restrict access to the module to minimize the risk of exploitation. Avoid using the treekill module in sensitive environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.