Submit #855848: nextlevelbuilder GoClaw 3.13.2 OS Command Injection (CWE-78)info

Titlenextlevelbuilder GoClaw 3.13.2 OS Command Injection (CWE-78)
Description# Technical Details An OS Command Injection vulnerability exists in the `matchesAllowlist` method in `internal/tools/exec_approval.go` of GoClaw. The application fails to normalize or segment shell chains before approval. The documented `POST /v1/tools/invoke` API accepts user-controlled `args.command`, `ExecApprovalManager.CheckCommand()` authorizes the request if the first token matches the allowlist, and `ExecTool.Execute()` later executes the unchanged command string with `/bin/sh -c` on POSIX systems. As a result, a payload like `echo allowlisted && touch /path/to/canary` is approved because the first token is `echo`, but the shell also executes the second command segment. # Vulnerable Code File: internal/tools/exec_approval.go Method: matchesAllowlist Why: The allowlist compares only `extractBin(command)` to configured patterns. After that, `internal/tools/shell.go` calls `executeOnHost(ctx, command, cwd)` and `exec.Command(shellPath, "-c", command)`, so shell operators such as `&&` remain interpreted by the host shell. # Reproduction 1. Configure GoClaw `3.13.2` with the built-in `exec` tool enabled, `tools.execApproval.security="allowlist"`, `tools.execApproval.ask="off"`, and an allowlist containing `echo`. 2. Submit `POST /v1/tools/invoke` with `args.command` set to `echo allowlisted && touch /path/to/canary`. 3. Confirm that a direct `touch /path/to/canary` request is denied but the chained payload is accepted and creates the canary file. # Impact - Authenticated operators can execute non-allowlisted host commands by chaining them after an allowlisted prefix. - This permits unauthorized file creation, modification, follow-on payload staging, and broader host-side command execution.
Source⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1208
User Eric-e (UID 97581)
Submission06/11/2026 10:39 (1 month ago)
Moderation07/13/2026 19:24 (1 month later)
StatusDuplicate
VulDB entry378127 [nextlevelbuilder GoClaw 3.11.3 exec_approval.go ExecApprovalManager.CheckCommand incomplete blacklist]
Points0

Do you know our Splunk app?

Download it now for free!