Submission #803594: aandrew-me tgpt v2.11.1 Command Injection Information

Title: aandrew-me tgpt v2.11.1 Command Injection
Description: tgpt v2.11.1 contains a local command injection vulnerability in its update mechanism. When a user runs the -u / --update option on Linux or macOS, the application calls helper.Update() and constructs a shell command using bash -c. The value of executablePath, which is derived from os.Executable(), is concatenated directly into that command string without escaping or safe argument separation. Because the executable path is inserted into a shell-interpreted string, any shell metacharacters present in the path, such as ; or #, are processed by the shell as command syntax rather than treated as literal data. This allows arbitrary command execution in the context of the current user if the binary is executed from a crafted path and the update feature is triggered. The issue affects the local client only. It is not a remote code execution vulnerability against a server, and exploitation requires user interaction. The vulnerable code path is reachable on Linux and macOS, while the update routine is explicitly disabled on Windows in the current implementation.
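The pattern the description reports, shown beside its hardened form, as an added example that is not tgpt's own code: the command body, the `install` invocation and the sample path are assumptions made for illustration, and neither command is executed.

```go
package main

import (
	"fmt"
	"os/exec"
	"strings"
)

// shellMetachars are bytes bash parses as syntax when they appear unquoted
// inside a `bash -c` command string.
const shellMetachars = ";&|$`\"'\\<>(){}#*?[]~ \t\n"

// vulnerableUpdateCommand follows the pattern the report describes: the
// executable path is concatenated into one string that bash will parse.
// The command body is a placeholder, not tgpt's actual update logic.
func vulnerableUpdateCommand(newBinary, executablePath string) *exec.Cmd {
	script := "install -m 0755 " + newBinary + " " + executablePath
	return exec.Command("bash", "-c", script)
}

// pathIsShellSafe reports whether the path could be embedded in a bash -c
// string without changing its meaning; useful as an audit/regression check.
func pathIsShellSafe(p string) bool {
	return !strings.ContainsAny(p, shellMetachars)
}

// safeUpdateCommand performs the same operation without a shell. Each value is
// its own argv element, so a ';' or '#' in the path is plain data to install(1).
func safeUpdateCommand(newBinary, executablePath string) *exec.Cmd {
	return exec.Command("install", "-m", "0755", newBinary, executablePath)
}

func main() {
	// Constructed example path with a shell metacharacter in a directory name.
	exe := "/home/user/tools;backup/tgpt"
	vuln := vulnerableUpdateCommand("/tmp/tgpt.new", exe)
	safe := safeUpdateCommand("/tmp/tgpt.new", exe)
	fmt.Printf("vulnerable argv: %q (path shell-safe: %v)\n", vuln.Args, pathIsShellSafe(exe))
	fmt.Printf("safe argv:       %q\n", safe.Args)
}
```

In the vulnerable form the whole script is a single argv element handed to bash, so the `;` ends the install command; in the safe form the path reaches install(1) as one unmodified argument.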
Source: ⚠️ https://drive.google.com/file/d/19wRsehbhotZXgE1TjenFtS3w-zRtp-PW/view?usp=sharing
User: hai271120 (UID 96497)
Submitted: 13 April 2026 16:27 (2 months ago)
Moderation: 9 May 2026 08:07 (26 days later)
Status: Accepted
VulDB entry: 362418 [aandrew-me tgpt up to 2.11.1 on Linux/macOS Update helper.go helper.Update privilege escalation]
Points: 20
