https://huntr.dev/users/alromh87 has fixed the Remote Code Execution vulnerability π¨. alromh87 has been awarded $25 for fixing the vulnerability through the huntr bug bounty program π΅. Think you could fix a vulnerability like this?
pdf-merge was vulnerable against arbitrary command injection cause some user supplied inputs were taken and formatted inside the exec() function without prior validation.
After update Arbitary Code Execution is avoided
π» Technical Description *
There was different handling implemented for windows and other systems, in case of other filename where sanitized, but not the execOptions and password leading to arbitrary code execution, missing sanitization was added
https://huntr.dev/users/alromh87 has fixed the Remote Code Execution vulnerability π¨. alromh87 has been awarded $25 for fixing the vulnerability through the huntr bug bounty program π΅. Think you could fix a vulnerability like this?
Get involved at https://huntr.dev/
Q | A Version Affected | ALL Bug Fix | YES Original Pull Request | https://github.com/418sec/pdf-merge/pull/1 Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/npm/pdf-merge/1/README.md
User Comments:
π Metadata *
Bounty URL: https://www.huntr.dev/bounties/1-npm-pdf-merge
βοΈ Description *
pdf-merge was vulnerable against arbitrary command injection cause some user supplied inputs were taken and formatted inside the exec() function without prior validation. After update Arbitary Code Execution is avoided
π» Technical Description *
There was different handling implemented for windows and other systems, in case of other filename where sanitized, but not the execOptions and password leading to arbitrary code execution, missing sanitization was added
π Proof of Concept (PoC) *
Install the package and run the below code:
They will create a files named HACKED and HACKED2 in the working directory.
π₯ Proof of Fix (PoF) *
After fix no files are created
π User Acceptance Testing (UAT)
Commands can be executed normally