| Title | PrefectHQ Prefect <= 3.6.24 Argument Injection |
|---|---|
| Description | Vulnerability Report: Prefect Git Argument Injection (full report below) |
| Source | https://gist.github.com/nedlir/c37d90dda5f715790eafc970b2ef0c8a |
| User | nedlir (UID 95981) |
| Submission | 17.04.2026 23:14 (2 months ago) |
| Moderation | 03.05.2026 11:18 (16 days later) |
| Status | accepted |
| VulDB Entry | 360901 [PrefectHQ prefect up to 3.6.25.dev6 GitRepository Pull storage.py commit_sha/directories privilege escalation] |
| Points | 20 |

Vulnerability Report: Prefect Git Argument Injection

Title: Prefect Git Argument Injection in GitRepository Pull Steps
Product: Prefect (PrefectHQ/prefect)
Affected Versions: 3.x prior to 3.6.25
CWE: CWE-88 (Argument Injection), CWE-20 (Improper Input Validation)
CVSS 3.1: 4.8 (Medium) - AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Description:
The GitRepository class in Prefect Server fails to validate the 'commit_sha' and 'directories' parameters before passing them as positional arguments to git subprocess calls (rev-parse, fetch, checkout, and sparse-checkout). Because these inputs are not sanitized and no end-of-options separator ("--") precedes them, an attacker can supply values starting with a hyphen that the git binary interprets as command-line flags rather than as positional references or paths.

Impact:
This vulnerability allows an actor with permission to modify deployment pull-step configurations to inject arbitrary git flags into the worker process. The primary impacts are:
1. Denial of Service (DoS): Injecting a flag such as "--stdin" into sparse-checkout causes the worker to hang indefinitely.
2. Refspec-flag Injection: Injecting "--upload-pack" during a fetch can yield a remote command execution (RCE) primitive against certain SSH-accessible git hosts.
3. Local Behavior Modification: Flags such as "--force" or "--orphan" silently alter the state of the worker's working tree.

Proof of Concept:
1. Instantiate GitRepository with commit_sha="--upload-pack=/tmp/pwn" and directories=["--stdin"].
2. Observe that the constructor accepts these values without error.
3. Executing a pull step with these values causes the git subprocess to interpret them as options. In the case of "--stdin", the process stalls waiting for input, confirming the DoS.
4. On version 3.6.25+, the same instantiation raises a ValueError for the commit_sha.

Fix:
The issue was resolved in version 3.6.25. The fix introduces hexadecimal regex validation for commit_sha, adds a warning for directory names starting with "--", and inserts the "--" end-of-options marker into the git sparse-checkout command so that the strings that follow are treated as literal paths.
The fix was implemented here: https://github.com/PrefectHQ/prefect/pull/21384
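The two layers of the fix described in the report, a hexadecimal check on commit_sha and an end-of-options marker before user-supplied paths, shown as an added example that is not Prefect's own code. The regex, the function names and the small model of git's option parsing are assumptions constructed for this illustration; the inputs come from the report's proof of concept.

```python
import re
import warnings

# Hypothetical pattern for this example: abbreviated (7+) through full SHA-1/SHA-256 ids.
# The exact regex Prefect 3.6.25 uses is not reproduced here.
COMMIT_SHA_RE = re.compile(r"[0-9a-fA-F]{7,64}")


def is_valid_commit_sha(commit_sha: str) -> bool:
    """True only for a plain hexadecimal object id; '--upload-pack=...' is not one."""
    return isinstance(commit_sha, str) and COMMIT_SHA_RE.fullmatch(commit_sha) is not None


def validate_commit_sha(commit_sha: str) -> str:
    """Reject anything that is not a hex id before it can reach rev-parse/fetch/checkout."""
    if not is_valid_commit_sha(commit_sha):
        raise ValueError(f"commit_sha must be a hexadecimal object id, got {commit_sha!r}")
    return commit_sha.lower()


def sparse_checkout_argv_unsafe(directories: list[str]) -> list[str]:
    """Vulnerable shape: user paths land where git is still parsing options."""
    return ["git", "sparse-checkout", "set", *directories]


def sparse_checkout_argv(directories: list[str]) -> list[str]:
    """Hardened shape: '--' ends option parsing, so a leading hyphen is only a path."""
    for d in directories:
        if not d:
            raise ValueError("empty directory name")
        if d.startswith("-"):
            # Mirrors the report's fix: warn rather than reject, since '--' makes it a literal path.
            warnings.warn(f"directory {d!r} starts with '-'; passing it after '--'", stacklevel=2)
    return ["git", "sparse-checkout", "set", "--", *directories]


def tokens_git_parses_as_options(argv: list[str]) -> list[str]:
    """Model git's option parsing: hyphen-led tokens before the first '--' are options."""
    options = []
    for tok in argv[2:]:  # skip 'git' and the subcommand name
        if tok == "--":
            break
        if tok.startswith("-"):
            options.append(tok)
    return options


if __name__ == "__main__":
    # Constructed inputs taken from the report's proof of concept.
    print(tokens_git_parses_as_options(sparse_checkout_argv_unsafe(["--stdin"])))  # ['--stdin']
    print(tokens_git_parses_as_options(sparse_checkout_argv(["--stdin"])))  # []
    print(is_valid_commit_sha("--upload-pack=/tmp/pwn"))  # False
```

The option model is deliberately simple (it does not handle combined short flags or `--option=value` on a real getopt), but it is enough to show why the separator, not the warning, is what makes the path safe.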