@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plug
- Severity:
- High
Description
When creating a new plugin using the git source, the user-controlled value req.body.name is used to build the plugin directory where the location will be cloned. The API used to execute the git clone command with the user-controlled data is child_process.execSync.
Recommendation
Update the @saltcorn/plugins-loader package to the latest compatible version. Followings are version details:
- Affected version(s): <= 1.0.0-beta.13
- Patched version(s): 1.0.0-beta.14
References
Related Issues
- @saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defst - Vulnerability
- Strapi may leak sensitive user information, user reset password, tokens via content-manager views (GHSA-v8gg-4mq2-88q4) - CVE-2023-36472
- Parse Server before v3.4.1 vulnerable to Denial of Service - CVE-2019-1020012
- Incorrect default cookie name and recommendation - Vulnerability
- Tags:
- npm
- @saltcorn/plugins-loader
Anything's wrong? Let us know Last updated on October 04, 2024