| タイトル | nextlevelbuilder goclaw <= v3.11.3 OS Command Injection (CWE-78) |
|---|
| 説明 | # Technical Details
An Arbitrary Command Execution inside Sandbox via FsBridge Command Injection exists in the `WriteFile` function in `internal/sandbox/fsbridge.go` of goclaw.
The application fails to escape shell metacharacters when formatting the docker execution command. It injects the resolved path into an unwrapped `sh -c` bash execution command string via Go's `fmt.Sprintf` with the `%q` verb. The `%q` format verb only wraps the string in double quotes and does not escape Bash metacharacters like `$()` or backticks, allowing command substitution.
# Vulnerable Code
File: internal/sandbox/fsbridge.go
Method: FsBridge.WriteFile
Why: Unvalidated user file paths are formatted into a `sh -c` argument without metacharacter sanitization, causing Bash to evaluate command substitution before executing the file write operation.
# Reproduction
1. Enable Sandbox mode (`GOCLAW_SANDBOX_MODE=all`) exposing Docker capability.
2. Trigger an LLM workflow where the `write_file` tool is called and file paths are controlled or influenced.
3. Supply a malicious file path such as `notes/$(touch /tmp/pwned).txt`.
4. Observe that the command substitution is executed as root inside the sandbox container.
# Impact
- OS Command Injection and Remote Code Execution (RCE).
- Attackers can steal container API tokens/keys, read other tenants' data inside the sandbox, conduct lateral SSRF scanning inside the host's VPC network bridge, or potentially escalate privileges by compromising the Docker host. |
|---|
| ソース | ⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1121 |
|---|
| ユーザー | Eric-b (UID 96354) |
|---|
| 送信 | 2026年05月07日 13:51 (1 月 ago) |
|---|
| モデレーション | 2026年05月31日 09:41 (24 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 367498 [nextlevelbuilder GoClaw 迄 3.11.3 write_file Tool fsbridge.go FsBridge.WriteFile 特権昇格] |
|---|
| ポイント | 20 |
|---|