Vulnerability	Vulnerable Version
C Remote Code Execution (RCE) irc-framework is an IRC framework for node.js. Affected versions of this package are vulnerable to Remote Code Execution (RCE). Calling `event.reply` with a message like `Hello World\nQUIT` will cause the package to pass the input straight to sockets, which in turn will split its input by newlines, resulting in IRC server receiving two lines from client: `PRIVMSG #dev :Hello World` and `QUIT`. The underlying function responsible for handling reply to events will properly split messages and append appropriate prefix (`PRIVMSG #dev` in previous example) for lines that are above threshold length, however it does not do such thing for messages that explicitly contain `\n` in them. How to fix Remote Code Execution (RCE)? Upgrade `irc-framework` to version 4.7.0 or higher.	<4.7.0

Remote Code Execution (RCE)

irc-framework is an IRC framework for node.js.

Affected versions of this package are vulnerable to Remote Code Execution (RCE). Calling event.reply with a message like Hello World\nQUIT will cause the package to pass the input straight to sockets, which in turn will split its input by newlines, resulting in IRC server receiving two lines from client: PRIVMSG #dev :Hello World and QUIT.

The underlying function responsible for handling reply to events will properly split messages and append appropriate prefix (PRIVMSG #dev in previous example) for lines that are above threshold length, however it does not do such thing for messages that explicitly contain \n in them.

How to fix Remote Code Execution (RCE)?

Upgrade irc-framework to version 4.7.0 or higher.

<4.7.0

Go back to all versions of this package