https://huntr.dev/users/Asjidkalam has fixed the Remote Code Execution vulnerability. Asjidkalam has been awarded $25 for fixing the vulnerability through the huntr bug bounty program. Think you could fix a vulnerability like this?
Get involved at https://huntr.dev/
Q | A
--- | ---
Version Affected | ALL
Bug Fix | YES
Original Pull Request | https://github.com/418sec/libreoffice-convert/pull/1
Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/npm/libreoffice-convert/1/README.md
User Comments:
Metadata *
Code execution Vulnerability
Bounty URL: https://www.huntr.dev/bounties/1-npm-libreoffice-convert
Description *
The libreoffice-convert module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection. It was using the exec() function which is vulnerable to Command Injection if it accepts user input and it goes through any sanitization or escaping.
Technical Description *
The use of the child_process function exec() is highly discouraged if you accept user input and don't sanitize/escape them. I replaced it with execFile() which mitigates any possible Command Injections as it accepts input as arrays.
Proof of Concept (PoC) *
Install the package and run the below code
A file named HACKED will be created in the current working directory.
Proof of Fix (PoF) *
After applying the fix, run the PoC again and no files will be created. Hence command injection is mitigated.
User Acceptance Testing (UAT)
Only execFile is used, no breaking changes introduced.
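Added example (not code from the pull request or from libreoffice-convert): the same file name passed once through a shell-built command string and once through an execFile-style argument array, with the Node binary standing in for the converter. The file name, the helper names `viaShell` and `viaExecFile`, and the `INJECTED` marker are constructed for illustration; a POSIX shell is assumed.

```javascript
const { execSync, execFileSync } = require('child_process');

// Constructed sample input: a file name that carries a shell metacharacter.
const fileName = 'report.docx; echo INJECTED';

// Stand-in for the converter binary: a Node one-liner that prints the
// arguments it actually received, as JSON.
const printArgs = 'console.log(JSON.stringify(process.argv.slice(1)))';

// Before the fix: the command is assembled as one string and handed to a
// shell, so the shell decides where the arguments (and the command) end.
function viaShell(name) {
  const cmd = `"${process.execPath}" -e '${printArgs}' ${name}`;
  return execSync(cmd, { encoding: 'utf8' }).trim().split('\n');
}

// After the fix: no shell is involved; every array element reaches the
// program as exactly one argv entry, metacharacters included.
function viaExecFile(name) {
  const args = ['-e', printArgs, name];
  return execFileSync(process.execPath, args, { encoding: 'utf8' }).trim().split('\n');
}

// Each function returns the lines written to stdout by the child process(es).
console.log('shell string  :', viaShell(fileName));
console.log('argument array:', viaExecFile(fileName));
```

In the shell case the output has a second line produced by a separate command; in the array case the whole string arrives as a single argument. An argument array does not stop a value beginning with `-` from being read as an option by the target program, so file names still need validation.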