| 제목 | vercel ai @ai-sdk/[email protected] OS Command Injection (CWE-78) |
|---|
| 설명 | # Technical Details
A Command Injection vulnerability exists in the `run` method in `.github/workflows/prettier-on-automerge.yml` of vercel/ai.
The application fails to sanitize inputs inserted into shell execution contexts, using an unsafe direct string interpolation method (`${{ github.event.pull_request.head.ref }}`). An attacker opening a PR with a carefully crafted branch name can execute arbitrary bash commands in the runner's sandbox.
# Vulnerable Code
File: .github/workflows/prettier-on-automerge.yml
Method: run block (lines 54-68)
Why: The workflow explicitly interleaves user-controlled GitHub action contexts (`pull_request.head.ref`) inside bash pipelines without mapping them through intermediate environmental variables (`env:`).
# Reproduction
1. Create a pull request leveraging a Git branch formed with command-substitution injection syntax, such as `$(echo${IFS}PWNED_BY_COMMAND_INJECTION>/tmp/pwned)`.
2. Push the branch to the external repository.
3. Observe that when the `prettier-on-automerge.yml` pipeline triggers, the bash execution bypasses format bounds and establishes payload functionality on the build host.
# Impact
- Authorized Sandbox Execution allowing attackers to intercept CI/CD deployments and poison release artifacts leading to supply chain compromises.
- Extraction of GitHub deployment security tokens and credential compromise (`VERCEL_AI_SDK_GITHUB_APP_PRIVATE_KEY_PKCS8` or `GH_TOKEN`). |
|---|
| 원천 | ⚠️ https://gist.github.com/YLChen-007/870bd6966cd84703d91ce54dfea3bdd0 |
|---|
| 사용자 | Eric-d (UID 96861) |
|---|
| 제출 | 2026. 04. 23. PM 02:41 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 05. 17. AM 11:28 (24 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 364392 [vercel ai 까지 3.0.97 PR Branch Name Interpolation prettier-on-automerge.yml run 권한 상승] |
|---|
| 포인트들 | 20 |
|---|