Submit #855804: nextlevelbuilder GoClaw 3.11.3 Command Execution Policy Bypass (CWE-184)info

Titlenextlevelbuilder GoClaw 3.11.3 Command Execution Policy Bypass (CWE-184)
Description# Technical Details A Command Execution Policy Bypass exists in the `CheckCommand` method in `internal/tools/exec_approval.go` of GoClaw. The application fails to validate the full command semantics under `tools.execApproval.security=allowlist`. The public `POST /v1/tools/invoke` API accepts operator-supplied `args.command`, `ExecApprovalManager.CheckCommand()` classifies only the outer token via `extractBin(command)`, and `ExecTool.executeOnHost()` later passes the original string to `sh -c`. A transparent wrapper such as `env` can therefore be allowlisted while an inner shell payload still executes. # Vulnerable Code File: internal/tools/exec_approval.go Method: ExecApprovalManager.CheckCommand Why: Policy uses `matchesAllowlist(command)` and `extractBin(command)` to classify `env /bin/sh -c 'echo VULNERABLE_BYPASS > marker.txt'` as `env`, but `internal/tools/shell.go` later executes the original command string with `exec.Command("sh", "-c", command)`. # Reproduction 1. Enable the `exec` builtin on GoClaw `3.11.3` and configure `tools.execApproval.security=allowlist` with a wrapper such as `env` in the allowlist. 2. Send `POST /v1/tools/invoke` to the `exec` tool with a payload like `env /bin/sh -c 'echo VULNERABLE_BYPASS > marker.txt'`. 3. Observe that the request is approved as `env` and the inner shell command still creates the marker file. # Impact - Authenticated operators can execute shell payloads that should be blocked by the allowlist. - This breaks the intended host-command restriction boundary and enables unauthorized file writes and further host-side command execution.
Source⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1200
User
 Eric-b (UID 96354)
Submission06/11/2026 09:10 (1 month ago)
Moderation07/13/2026 19:23 (1 month later)
StatusAccepted
VulDB entry378127 [nextlevelbuilder GoClaw 3.11.3 exec_approval.go ExecApprovalManager.CheckCommand incomplete blacklist]
Points20

Do you need the next level of professionalism?

Upgrade your account now!