Soumettre #813767: FoundDream miniclawd 0 OS Command Injectioninformation

TitreFoundDream miniclawd 0 OS Command Injection
DescriptionA critical OS command injection vulnerability exists in src/tools/exec.ts. The ExecTool.execute() method uses Node.js spawn() with shell: true, allowing arbitrary command execution through shell metacharacter injection. shell: true passes the entire params.command string directly to /bin/sh for parsing. No input validation - shell metacharacters are not filtered. All shell operators (;, |, &, &&, ||, $(), `, newlines) work as intended More details: https://github.com/FoundDream/miniclawd/issues/1
La source⚠️ https://github.com/FoundDream/miniclawd/issues/1
Utilisateur
 ybdesire (UID 83239)
Soumission27/04/2026 04:32 (il y a 1 mois)
Modérer24/05/2026 09:54 (27 days later)
StatutAccepté
Entrée VulDB365433 [FoundDream miniclawd /src/tools/exec.ts ExecTool.execute élévation de privilèges]
Points20

PrécédentAperçuSuivant

Might our Artificial Intelligence support you?

Check our Alexa App!