| عنوان | aandrew-me tgpt v2.11.1 Command Injection |
|---|
| الوصف | tgpt v2.11.1 contains a local command injection vulnerability in its update mechanism. When a user runs the -u / --update option on Linux or macOS, the application calls helper.Update() and constructs a shell command using bash -c. The value of executablePath, which is derived from os.Executable(), is concatenated directly into that command string without escaping or safe argument separation.
Because the executable path is inserted into a shell-interpreted string, any shell metacharacters present in the path, such as ; or #, are processed by the shell as command syntax rather than treated as literal data. This allows arbitrary command execution in the context of the current user if the binary is executed from a crafted path and the update feature is triggered.
The issue affects the local client only. It is not a remote code execution vulnerability against a server, and exploitation requires user interaction. The vulnerable code path is reachable on Linux and macOS, while the update routine is explicitly disabled on Windows in the current implementation. |
|---|
| المصدر | ⚠️ https://drive.google.com/file/d/19wRsehbhotZXgE1TjenFtS3w-zRtp-PW/view?usp=sharing |
|---|
| المستخدم | hai271120 (UID 96497) |
|---|
| ارسال | 13/04/2026 04:27 PM (2 أشهر منذ) |
|---|
| الاعتدال | 09/05/2026 08:07 AM (26 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 362418 [aandrew-me tgpt حتى 2.11.1 على Linux/macOS Update helper.go helper.Update تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|