| Titel | nextlevelbuilder goclaw <= v3.11.3 OS Command Injection (CWE-78) |
|---|
| Beschreibung | # Technical Details
An Arbitrary Command Execution inside Sandbox via FsBridge Command Injection exists in the `WriteFile` function in `internal/sandbox/fsbridge.go` of goclaw.
The application fails to escape shell metacharacters when formatting the docker execution command. It injects the resolved path into an unwrapped `sh -c` bash execution command string via Go's `fmt.Sprintf` with the `%q` verb. The `%q` format verb only wraps the string in double quotes and does not escape Bash metacharacters like `$()` or backticks, allowing command substitution.
# Vulnerable Code
File: internal/sandbox/fsbridge.go
Method: FsBridge.WriteFile
Why: Unvalidated user file paths are formatted into a `sh -c` argument without metacharacter sanitization, causing Bash to evaluate command substitution before executing the file write operation.
# Reproduction
1. Enable Sandbox mode (`GOCLAW_SANDBOX_MODE=all`) exposing Docker capability.
2. Trigger an LLM workflow where the `write_file` tool is called and file paths are controlled or influenced.
3. Supply a malicious file path such as `notes/$(touch /tmp/pwned).txt`.
4. Observe that the command substitution is executed as root inside the sandbox container.
# Impact
- OS Command Injection and Remote Code Execution (RCE).
- Attackers can steal container API tokens/keys, read other tenants' data inside the sandbox, conduct lateral SSRF scanning inside the host's VPC network bridge, or potentially escalate privileges by compromising the Docker host. |
|---|
| Quelle | ⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1121 |
|---|
| Benutzer | Eric-b (UID 96354) |
|---|
| Einreichung | 07.05.2026 13:51 (vor 30 Tagen) |
|---|
| Moderieren | 31.05.2026 09:41 (24 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 367498 [nextlevelbuilder GoClaw bis 3.11.3 write_file Tool fsbridge.go FsBridge.WriteFile erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|