जमा करें #855792: mosaxiv clawlet 0.2.10 Protection Mechanism Failure (CWE-693)जानकारी

शीर्षकmosaxiv clawlet 0.2.10 Protection Mechanism Failure (CWE-693)
विवरण# Technical Details A protection mechanism failure exists in the `(*Registry).exec` flow in `tools/tool_exec.go`, reached from `tools.Registry.Execute` in `tools/registry.go` and guarded by `guardExecCommand` in `tools/exec_guard.go` of clawlet. The application fails to validate interpreter-wrapped payloads before passing the original command to `sh -lc`. The guard only checks the outer shell string and denylisted patterns, so an inline payload such as `python3 -c` can perform destructive actions that direct shell syntax like `rm -rf` would block. # Vulnerable Code File: `tools/exec_guard.go`, `tools/tool_exec.go`, `tools/registry.go` Method: `guardExecCommand`, `(*Registry).exec`, `(*Registry).Execute` Why: `guardExecCommand` inspects only the raw command text and does not unwrap or normalize inline interpreter payloads. After that check, `(*Registry).exec` still executes the original attacker-controlled string through `exec.CommandContext(..., "sh", "-lc", command)`. # Reproduction 1. Prepare an affected clawlet checkout and a writable test workspace with `target.txt` inside it. 2. Invoke the real exported `exec(command: string)` path through `tools.Registry.Execute` using `python3 -c "__import__('os').remove('target.txt')"`. 3. Confirm the wrapped payload is accepted and `workspace/target.txt` is deleted, while a control payload such as `rm -rf target.txt` is blocked by the guard. # Impact - An attacker can bypass the intended command safety restrictions and run destructive interpreter logic. - Workspace files can be deleted or modified under the privileges of the clawlet process. - CI runners or developer environments can suffer artifact tampering or code modification.
स्रोत⚠️ https://github.com/mosaxiv/clawlet/issues/12
उपयोगकर्ता
 Eric-b (UID 96354)
सबमिशन11/06/2026 08:58 AM (1 महीना पहले)
संयम13/07/2026 06:57 PM (1 month later)
स्थितिस्वीकृत
VulDB प्रविष्टि378121 [mosaxiv clawlet तक 0.2.10 exec Safety Guard tools/tool_exec.go guardExecCommand अधिकार वृद्धि]
अंक20

Do you want to use VulDB in your project?

Use the official API to access entries easily!