https://huntr.dev/users/alromh87 has fixed the RCE on "mrgit" vulnerability šØ. alromh87 has been awarded $25 for fixing the vulnerability through the huntr bug bounty program šµ. Think you could fix a vulnerability like this?
mrgit was vulnerable against arbitrary command injection cause some user supplied inputs were taken and executed with shelljs function without prior validation.
After update Arbitary Code Execution is avoided
š» Technical Description *
Comands are executed using shelljs without sanitization, leading to Arbitrary Code Execution, missing sanitization was added
https://huntr.dev/users/alromh87 has fixed the RCE on "mrgit" vulnerability šØ. alromh87 has been awarded $25 for fixing the vulnerability through the huntr bug bounty program šµ. Think you could fix a vulnerability like this?
Get involved at https://huntr.dev/
Q | A Version Affected | ALL Bug Fix | YES Original Pull Request | https://github.com/418sec/mrgit/pull/1 Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/npm/mrgit/1/README.md
User Comments:
š Metadata *
Bounty URL: https://www.huntr.dev/bounties/1-npm-mrgit
āļø Description *
mrgit was vulnerable against arbitrary command injection cause some user supplied inputs were taken and executed with shelljs function without prior validation. After update Arbitary Code Execution is avoided
š» Technical Description *
Comands are executed using shelljs without sanitization, leading to Arbitrary Code Execution, missing sanitization was added
š Proof of Concept (PoC) *
Install the package and run the below code:
It will create a file HACKED in the working directory.
š„ Proof of Fix (PoF) *
After fix no file is created
š User Acceptance Testing (UAT)
Commands can be executed normally