Submission #821939: nextlevelbuilder goclaw <= v3.11.3 OS Command Injection (CWE-78)

Information

Title: nextlevelbuilder goclaw <= v3.11.3 OS Command Injection (CWE-78)
Description:

# Technical Details

An Arbitrary Command Execution inside Sandbox via FsBridge Command Injection exists in the `WriteFile` function in `internal/sandbox/fsbridge.go` of goclaw. The application fails to escape shell metacharacters when formatting the docker execution command. It injects the resolved path into an unwrapped `sh -c` bash execution command string via Go's `fmt.Sprintf` with the `%q` verb. The `%q` format verb only wraps the string in double quotes and does not escape Bash metacharacters like `$()` or backticks, allowing command substitution.

# Vulnerable Code

File: internal/sandbox/fsbridge.go
Method: FsBridge.WriteFile
Why: Unvalidated user file paths are formatted into a `sh -c` argument without metacharacter sanitization, causing Bash to evaluate command substitution before executing the file write operation.

# Reproduction

1. Enable Sandbox mode (`GOCLAW_SANDBOX_MODE=all`), exposing the Docker capability.
2. Trigger an LLM workflow where the `write_file` tool is called and file paths are controlled or influenced.
3. Supply a malicious file path such as `notes/$(touch /tmp/pwned).txt`.
4. Observe that the command substitution is executed as root inside the sandbox container.

# Impact

- OS Command Injection and Remote Code Execution (RCE).
- Attackers can steal container API tokens/keys, read other tenants' data inside the sandbox, conduct lateral SSRF scanning inside the host's VPC network bridge, or potentially escalate privileges by compromising the Docker host.
Source: https://github.com/nextlevelbuilder/goclaw/issues/1121
User: Eric-b (UID 96354)
Submitted: 07/05/2026 01:51 PM (28 days ago)
Moderation: 31/05/2026 09:41 AM (24 days later)
Status: Approved
VulDB Entry: 367498 [nextlevelbuilder GoClaw up to 3.11.3 write_file Tool fsbridge.go FsBridge.WriteFile privilege escalation]
Points: 20
