| tiêu đề | antlr ANTLR4 4.13.2 Command Injection |
|---|
| Mô tả | When ANTLR4 generates Go code (-Dlanguage=Go), the GoTarget class executes gofmt using ProcessBuilder("gofmt", ...) without specifying an absolute path. The binary is resolved via the PATH environment variable. An attacker who can prepend a directory to PATH (via compromised build scripts, CI environment injection, or .envrc files) can place a malicious executable named gofmt that will be executed with the privileges of the build process. This was confirmed to achieve code execution with a crafted PATH. |
|---|
| Nguồn | ⚠️ https://github.com/wooyun123/wooyun/issues/6 |
|---|
| Người dùng | jiazhou (UID 89028) |
|---|
| Đệ trình | 27/05/2026 10:52 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 27/06/2026 20:28 (1 month later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 374496 [antlr ANTLR4 đến 4.13.2 gofmt GoTarget.java GoTarget nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|