| Título | nextlevelbuilder goclaw <= v3.11.3 OS Command Injection (CWE-78) |
|---|
| Descrição | # Technical Details
An Arbitrary Command Execution inside Sandbox via FsBridge Command Injection exists in the `WriteFile` function in `internal/sandbox/fsbridge.go` of goclaw.
The application fails to escape shell metacharacters when formatting the docker execution command. It injects the resolved path into an unwrapped `sh -c` bash execution command string via Go's `fmt.Sprintf` with the `%q` verb. The `%q` format verb only wraps the string in double quotes and does not escape Bash metacharacters like `$()` or backticks, allowing command substitution.
# Vulnerable Code
File: internal/sandbox/fsbridge.go
Method: FsBridge.WriteFile
Why: Unvalidated user file paths are formatted into a `sh -c` argument without metacharacter sanitization, causing Bash to evaluate command substitution before executing the file write operation.
# Reproduction
1. Enable Sandbox mode (`GOCLAW_SANDBOX_MODE=all`) exposing Docker capability.
2. Trigger an LLM workflow where the `write_file` tool is called and file paths are controlled or influenced.
3. Supply a malicious file path such as `notes/$(touch /tmp/pwned).txt`.
4. Observe that the command substitution is executed as root inside the sandbox container.
# Impact
- OS Command Injection and Remote Code Execution (RCE).
- Attackers can steal container API tokens/keys, read other tenants' data inside the sandbox, conduct lateral SSRF scanning inside the host's VPC network bridge, or potentially escalate privileges by compromising the Docker host. |
|---|
| Fonte | ⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1121 |
|---|
| Utilizador | Eric-b (UID 96354) |
|---|
| Submissão | 07/05/2026 13h51 (há 28 dias) |
|---|
| Moderação | 31/05/2026 09h41 (24 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 367498 [nextlevelbuilder GoClaw até 3.11.3 write_file Tool fsbridge.go FsBridge.WriteFile Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|