Submit #803594: aandrew-me tgpt v2.11.1 Command Injection

Title: aandrew-me tgpt v2.11.1 Command Injection
Description: tgpt v2.11.1 contains a local command injection vulnerability in its update mechanism. When a user runs the -u / --update option on Linux or macOS, the application calls helper.Update() and constructs a shell command using bash -c. The value of executablePath, which is derived from os.Executable(), is concatenated directly into that command string without escaping or safe argument separation. Because the executable path is inserted into a shell-interpreted string, any shell metacharacters present in the path, such as ; or #, are processed by the shell as command syntax rather than treated as literal data. This allows arbitrary command execution in the context of the current user if the binary is executed from a crafted path and the update feature is triggered. The issue affects the local client only. It is not a remote code execution vulnerability against a server, and exploitation requires user interaction. The vulnerable code path is reachable on Linux and macOS, while the update routine is explicitly disabled on Windows in the current implementation.
Source: https://drive.google.com/file/d/19wRsehbhotZXgE1TjenFtS3w-zRtp-PW/view?usp=sharing
User: hai271120 (UID 96497)
Submitted: 13.04.2026 16:27 (2 months ago)
Moderated: 09.05.2026 08:07 (26 days later)
Status: Accepted
VulDB entry: 362418 [aandrew-me tgpt up to 2.11.1 on Linux/macOS Update helper.go helper.Update privilege escalation]
Points: 20
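The defect described above, as an added illustration that is not tgpt's own code: a hypothetical updater that splices os.Executable() into a bash -c string, beside a hardened variant that keeps the script constant and passes the path as a positional parameter, plus a quoting helper and a pre-flight check for shell metacharacters. The script contents and function names are assumptions for the example.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// unsafeUpdateScript mirrors the reported pattern (assumed script body): the
// executable path is interpolated into text that bash -c will parse, so any
// metacharacter in the path is interpreted as shell syntax.
func unsafeUpdateScript(executablePath string) string {
	return fmt.Sprintf("mv /tmp/tgpt.new %s && chmod +x %s", executablePath, executablePath)
}

// shellQuote wraps s in single quotes so bash treats every byte literally;
// an embedded single quote is closed, backslash-escaped, and reopened.
func shellQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", `'\''`) + "'"
}

// safeUpdateCmd keeps the script fixed and hands the path to bash as $1 via
// argv, so the path is data to the shell and is never re-parsed as syntax.
func safeUpdateCmd(executablePath string) *exec.Cmd {
	const script = `mv /tmp/tgpt.new "$1" && chmod +x "$1"`
	return exec.Command("bash", "-c", script, "tgpt-update", executablePath)
}

// pathHasShellMeta is a cheap defensive check (constructed character set)
// that an updater or CI job can apply before touching a shell at all.
func pathHasShellMeta(p string) bool {
	const shellMeta = ";|&$`#'\"\\<>()*?[]{} \t\n"
	return strings.ContainsAny(p, shellMeta)
}

func main() {
	exe, err := os.Executable()
	if err != nil {
		fmt.Println("os.Executable failed:", err)
		return
	}
	fmt.Println("unsafe string:", unsafeUpdateScript(exe))
	fmt.Println("quoted path:  ", shellQuote(exe))
	fmt.Println("safe argv:    ", safeUpdateCmd(exe).Args)
	fmt.Println("metachars?    ", pathHasShellMeta(exe))
}
```

Running the binary from a directory whose name contains ; shows the contrast: the unsafe string splits into two commands, while the safe argv keeps the whole path as a single element.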
