PT-2019-14303 · Tree-Kill · Treekill

Published: 2019-12-18 · Updated: 2022-05-24 · CVE-2019-15599

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
tree-kill versions prior to 1.2.2

Description
A code injection vulnerability exists in tree-kill on Windows, allowing remote code execution when an attacker controls the input into the command. The issue arises from the failure to sanitize values passed to the kill function, which may allow attackers to run arbitrary commands on the server. This issue only affects Windows systems.

Recommendations
Upgrade to version 1.2.2 or later. As a temporary workaround, consider restricting the use of the kill function in tree-kill until a patch is available. Avoid using user-controlled input in the kill function to minimize the risk of exploitation.
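
The recommendation to keep user-controlled input out of the kill function can be enforced in code. The following is an added example, not taken from tree-kill or from this advisory: it contrasts a command line built by string concatenation with a strictly validated argument vector. All function names, the sample inputs and the direct use of `taskkill` are assumptions made for illustration.

```javascript
// Added illustration of the bug class; not tree-kill's source code.
// All function names here are hypothetical.

// Vulnerable pattern: the value is concatenated into a command line that a
// shell will parse, so shell metacharacters in `pid` become command syntax.
function buildKillCommandUnsafe(pid) {
  return 'taskkill /pid ' + pid + ' /T /F';
}

// Hardened: accept only a positive decimal integer and reject everything else.
function parsePid(input) {
  if (typeof input === 'number') {
    if (!Number.isSafeInteger(input) || input <= 0) {
      throw new TypeError('pid must be a positive integer');
    }
    return input;
  }
  if (typeof input !== 'string' || !/^[1-9][0-9]{0,9}$/.test(input)) {
    throw new TypeError('pid must be a positive integer');
  }
  return Number(input);
}

// Build an argument vector from a validated pid; no shell parsing is involved.
function buildKillArgs(input) {
  return ['/PID', String(parsePid(input)), '/T', '/F'];
}

// Run taskkill directly; execFile does not spawn a shell by default.
async function killTreeWindows(input) {
  const args = buildKillArgs(input); // throws before anything is spawned
  const { execFile } = await import('node:child_process');
  return new Promise((resolve, reject) => {
    execFile('taskkill', args, (err, stdout) => (err ? reject(err) : resolve(stdout)));
  });
}

// Constructed sample inputs, as they might arrive from a request parameter.
const samples = ['4242', 4242, '4242 & echo INJECTED', '', '-1', '0x10', null];

// Report which inputs pass validation, without executing anything.
function classify(inputs) {
  return inputs.map((v) => {
    try { return { input: v, ok: true, args: buildKillArgs(v) }; }
    catch (e) { return { input: v, ok: false, error: e.message }; }
  });
}
```

Calling `classify(samples)` shows which values would be accepted; only `killTreeWindows` spawns a process, and only after validation has passed.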

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2019-15599
GHSA-884P-74JH-XRG2
GHSA-MXQ6-VRRR-PPMG

Affected Products

Treekill