Common Weakness Enumeration

CWE-77

Allowed-with-Review

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Abstraction: Class · Status: Draft

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

5383 vulnerabilities reference this CWE, most recent first.

GHSA-W75P-4V5M-Q267

Vulnerability from github – Published: 2023-02-03 18:30 – Updated: 2023-02-10 03:30
VLAI
Details

A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-24150"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-03T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.",
  "id": "GHSA-w75p-4v5m-q267",
  "modified": "2023-02-10T03:30:18Z",
  "published": "2023-02-03T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24150"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Double-q1015/CVE-vulns/blob/main/totolink_t8/meshSlaveDlfw/meshSlaveDlfw.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W77V-9MP2-FHR5

Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2023-05-22 21:30
VLAI
Details

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-12650"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77",
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-25T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
  "id": "GHSA-w77v-9mp2-fhr5",
  "modified": "2023-05-22T21:30:15Z",
  "published": "2022-05-24T16:56:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12650"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7F2-GJXF-2GM9

Vulnerability from github – Published: 2022-05-14 02:49 – Updated: 2022-07-06 20:40
VLAI
Summary
Improper Neutralization of Special Elements used in a Command in Apache Cassandra
Details

The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.cassandra:apache-cassandra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.2.0"
            },
            {
              "fixed": "2.0.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.cassandra:apache-cassandra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-0225"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-06T20:40:57Z",
    "nvd_published_at": "2015-04-03T14:59:00Z",
    "severity": "HIGH"
  },
  "details": "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.",
  "id": "GHSA-w7f2-gjxf-2gm9",
  "modified": "2022-07-06T20:40:57Z",
  "published": "2022-05-14T02:49:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0225"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mail-archive.com/user@cassandra.apache.org/msg41819.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Improper Neutralization of Special Elements used in a Command  in Apache Cassandra"
}

GHSA-W7JW-789Q-3M8P

Vulnerability from github – Published: 2026-06-09 14:27 – Updated: 2026-06-09 14:27
VLAI
Summary
shell-quote quote() does not escape newlines in object .op values
Details

Summary

shell-quote's quote() function did not validate object-token inputs against the operator model used by parse(). The .op field was backslash-escaped character by character using /(.)/g, which in JavaScript does not match line terminators (\n, \r, U+2028, U+2029). A line terminator in .op therefore passed through unescaped into the output; POSIX shells treat a literal \n as a command separator, so any content after it would execute as a second command.

The vulnerable code path is reachable in two ways. Neither requires the parser to misbehave — parse() only emits ops from a fixed control set — but both are documented API surface:

  1. Direct construction. A caller builds { op: '...\n...' } from external input (e.g. a deserialized argument array) and passes it to quote().
  2. envFn return. parse(cmd, envFn) is documented to splice the return value of envFn into the result array when it is an object. An attacker-influenced data source consulted by envFn can introduce an object token whose .op reaches quote().

Impact

Shell command injection in callers that pass object tokens with attacker-influenced .op values to quote() and then hand the result to a shell. The preconditions are narrower than ordinary string injection — they require the caller to feed object tokens into quote() — but object tokens are a public, documented part of the API surface, and quote() is intended to be a shell-safety boundary.

PoC

const { parse, quote } = require('shell-quote');

// Direct construction
quote([{ op: ';\nid' }]);
// → "\;\n\\i\\d"  ← literal newline; second line executes as a command

// Via parse() with an envFn returning attacker-shaped objects
const tokens = parse('echo $X', () => ({ op: ';\nid' }));
require('child_process').execSync(quote(tokens), { shell: true });
// Executes `id` after `echo \;`.

Confirmed under sh, bash, dash, and zsh.

Patch

Fixed by replacing the per-character escape with strict shape validation in quote(). The object-token branch now:

  • { op }.op must be a string from the same allowlist the parser emits (||, &&, ;;, |&, <(, <<<, >>, >&, <&, &, ;, (, ), |, <, >). Anything else throws TypeError. This is the direct fix for the reported issue and removes the entire class of .op injection.
  • { op: 'glob', pattern }.pattern must be a string with no line terminators. Glob metacharacters (*, ?, [, ], {, }, ,) pass through; all other shell-special characters are backslash-escaped. (Previously the pattern field was discarded entirely and the literal string \g\l\o\b was emitted — a latent bug, not security-relevant.)
  • { comment }.comment must be a string with no line terminators (line terminators would end the shell comment and resume command parsing — same injection shape).
  • Any other object shapeTypeError.

The fix is allowlist-based rather than a targeted regex tweak, so it closes the reported vector and forecloses adjacent ones (U+2028 / U+2029 line separators in .op, line terminators in comments, unknown-shape objects coerced through .replace).

Workarounds

Prior to upgrading, callers that build object tokens from untrusted input should validate .op against the parser's operator set themselves, and never construct { op } from attacker-controlled strings.

Credits

Reported by Akshat Sinha

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.8.3"
      },
      "package": {
        "ecosystem": "npm",
        "name": "shell-quote"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.1.0"
            },
            {
              "fixed": "1.8.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-9277"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77",
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-09T14:27:15Z",
    "nvd_published_at": "2026-05-22T14:16:30Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\n\n`shell-quote`\u0027s `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped character by character using `/(.)/g`, which in JavaScript does not match line terminators (`\\n`, `\\r`, U+2028, U+2029). A line terminator in `.op` therefore passed through unescaped into the output; POSIX shells treat a literal `\\n` as a command separator, so any content after it would execute as a second command.\n\nThe vulnerable code path is reachable in two ways. Neither requires the parser to misbehave \u2014 `parse()` only emits ops from a fixed control set \u2014 but both are documented API surface:\n\n1. **Direct construction.** A caller builds `{ op: \u0027...\\n...\u0027 }` from external input (e.g. a deserialized argument array) and passes it to `quote()`.\n2. **`envFn` return.** `parse(cmd, envFn)` is documented to splice the return value of `envFn` into the result array when it is an object. An attacker-influenced data source consulted by `envFn` can introduce an object token whose `.op` reaches `quote()`.\n\n### Impact\n\nShell command injection in callers that pass object tokens with attacker-influenced `.op` values to `quote()` and then hand the result to a shell. The preconditions are narrower than ordinary string injection \u2014 they require the caller to feed object tokens into `quote()` \u2014 but object tokens are a public, documented part of the API surface, and `quote()` is intended to be a shell-safety boundary.\n\n### PoC\n\n```js\nconst { parse, quote } = require(\u0027shell-quote\u0027);\n\n// Direct construction\nquote([{ op: \u0027;\\nid\u0027 }]);\n// \u2192 \"\\;\\n\\\\i\\\\d\"  \u2190 literal newline; second line executes as a command\n\n// Via parse() with an envFn returning attacker-shaped objects\nconst tokens = parse(\u0027echo $X\u0027, () =\u003e ({ op: \u0027;\\nid\u0027 }));\nrequire(\u0027child_process\u0027).execSync(quote(tokens), { shell: true });\n// Executes `id` after `echo \\;`.\n```\n\nConfirmed under `sh`, `bash`, `dash`, and `zsh`.\n\n### Patch\n\nFixed by replacing the per-character escape with strict shape validation in `quote()`. The object-token branch now:\n\n- **`{ op }`** \u2014 `.op` must be a string from the same allowlist the parser emits (`||`, `\u0026\u0026`, `;;`, `|\u0026`, `\u003c(`, `\u003c\u003c\u003c`, `\u003e\u003e`, `\u003e\u0026`, `\u003c\u0026`, `\u0026`, `;`, `(`, `)`, `|`, `\u003c`, `\u003e`). Anything else throws `TypeError`. This is the direct fix for the reported issue and removes the entire class of `.op` injection.\n- **`{ op: \u0027glob\u0027, pattern }`** \u2014 `.pattern` must be a string with no line terminators. Glob metacharacters (`*`, `?`, `[`, `]`, `{`, `}`, `,`) pass through; all other shell-special characters are backslash-escaped. (Previously the pattern field was discarded entirely and the literal string `\\g\\l\\o\\b` was emitted \u2014 a latent bug, not security-relevant.)\n- **`{ comment }`** \u2014 `.comment` must be a string with no line terminators (line terminators would end the shell comment and resume command parsing \u2014 same injection shape).\n- **Any other object shape** \u2014 `TypeError`.\n\nThe fix is allowlist-based rather than a targeted regex tweak, so it closes the reported vector and forecloses adjacent ones (U+2028 / U+2029 line separators in `.op`, line terminators in comments, unknown-shape objects coerced through `.replace`).\n\n### Workarounds\n\nPrior to upgrading, callers that build object tokens from untrusted input should validate `.op` against the parser\u0027s operator set themselves, and never construct `{ op }` from attacker-controlled strings.\n\n### Credits\n\nReported by Akshat Sinha",
  "id": "GHSA-w7jw-789q-3m8p",
  "modified": "2026-06-09T14:27:15Z",
  "published": "2026-06-09T14:27:15Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ljharb/shell-quote/commit/1518179"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ljharb/shell-quote"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/shell-quote"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/23/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "shell-quote quote() does not escape newlines in object .op values"
}

GHSA-W7M5-FQXG-P9Q5

Vulnerability from github – Published: 2025-11-10 09:30 – Updated: 2025-11-10 09:30
VLAI
Details

A Command Injection vulnerability, resulting from improper file path sanitization (Directory Traversal) in Looker allows an attacker with Developer permission to execute arbitrary shell commands when a user is deleted on the host system.

Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these.

Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 24.12.100+ * 24.18.192+ * 25.0.69+ * 25.6.57+ * 25.8.39+ * 25.10.22+

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-12155"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-10T09:15:41Z",
    "severity": "HIGH"
  },
  "details": "A Command Injection vulnerability, resulting from improper file path sanitization (Directory Traversal) in Looker allows an attacker with Developer permission to execute arbitrary shell commands when a user is deleted on the host system.\n\nLooker-hosted and Self-hosted were found to be vulnerable.\nThis issue has already been mitigated for Looker-hosted\u00a0instances. No user action is required for these.\n\nSelf-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.\nThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page  https://download.looker.com/ :\n  *  24.12.100+\n  *  24.18.192+\n  *  25.0.69+\n  *  25.6.57+\n  *  25.8.39+\n  *  25.10.22+",
  "id": "GHSA-w7m5-fqxg-p9q5",
  "modified": "2025-11-10T09:30:27Z",
  "published": "2025-11-10T09:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12155"
    },
    {
      "type": "WEB",
      "url": "https://cloud.google.com/support/bulletins#gcp-2025-052"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:X/U:Red",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-W7MW-3WP8-X68J

Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-06-29 00:00
VLAI
Details

KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3317"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-26T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.",
  "id": "GHSA-w7mw-3wp8-x68j",
  "modified": "2022-06-29T00:00:52Z",
  "published": "2022-05-24T17:40:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3317"
    },
    {
      "type": "WEB",
      "url": "https://docs.unsafe-inline.com/0day/klog-server-authenticated-command-injection"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/161208/Klog-Server-2.4.1-Command-Injection.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7P4-J59Q-JJC7

Vulnerability from github – Published: 2025-11-10 21:30 – Updated: 2025-11-12 21:31
VLAI
Details

KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability in its boot/update logic: during startup /usr/sbin/anyka_service.sh scans mounted TF/SD cards and, if /mnt/update.nor.sh is present, copies it to /tmp/net.sh and executes it as root.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-63296"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-10T21:15:39Z",
    "severity": "MODERATE"
  },
  "details": "KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability in its boot/update logic: during startup /usr/sbin/anyka_service.sh scans mounted TF/SD cards and, if /mnt/update.nor.sh is present, copies it to /tmp/net.sh and executes it as root.",
  "id": "GHSA-w7p4-j59q-jjc7",
  "modified": "2025-11-12T21:31:07Z",
  "published": "2025-11-10T21:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63296"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/t4e-3/082cdd0b7ee6b650c7aaae97fd4e016c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/t4e-3/CVE-2025-63296"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7P8-RXJG-J7WX

Vulnerability from github – Published: 2024-11-19 21:31 – Updated: 2024-11-19 21:31
VLAI
Details

A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-51503"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77",
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-19T19:15:08Z",
    "severity": "HIGH"
  },
  "details": "A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine.  In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines.",
  "id": "GHSA-w7p8-rxjg-j7wx",
  "modified": "2024-11-19T21:31:32Z",
  "published": "2024-11-19T21:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51503"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0018154"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1516"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7QC-6GRJ-W7R8

Vulnerability from github – Published: 2025-06-30 17:46 – Updated: 2025-08-04 20:32
VLAI
Summary
File Browser vulnerable to command execution allowlist bypass
Details

Summary

The Command Execution feature of Filebrowser only allows the execution of shell command which have been predefined on a user-specific allowlist. The implementation of this allowlist is erroneous, allowing a user to execute additional commands not permitted.

Impact

A user can execute more shell commands than they are authorized for. The concrete impact of this vulnerability depends on the commands configured, and the binaries installed on the server or in the container image. Due to the missing separation of scopes on the OS-level, this could give an attacker access to all files managed the application, including the File Browser database.

Vulnerability Description

For a user to make use of the command execution feature, two things need to happen in advance:

  1. An administrator needs to grant that account the Execute commands permission
  2. The command to be executed needs to be listed in the Commands input field (also done by an administrator)

If a user tries to execute a different command, it gets rejected by the application.

The allowlist verification of a command happens in the function CanExecute in the file users/users.go:

// CanExecute checks if an user can execute a specific command.
func (u *User) CanExecute(command string) bool {
    if !u.Perm.Execute {
        return false
    }

    for _, cmd := range u.Commands {
        if regexp.MustCompile(cmd).MatchString(command) {
            return true
        }
    }

    return false
}

This check employs a regular expression which does not test if the command issued (command) is identical to a configured one (cmd, part of the array u.Commands) but rather only if the issued command contains an allowed one. This has the consequence, that, e.g., if you are only granted access to the ls command, you will also be allowed to execute lsof and lsusb.

As a prerequisite, an attacker needs an account with the Execute Commands permission and some permitted commands.

Proof of Concept

Grant a user the Execute commands permission and allow them to use only ls in the Commands field.

image

Afterwards, login as that user, open a command execution window and execute lsof and lsusb.

image

Recommended Countermeasures

The CanExecute function in the Filebrowser source code should be fixed to only allow exact matches of the command specified instead of doing partial matching. The correctness of this fix should be extensively tested in the application's automated test suite.

Timeline

  • 2025-03-25 Identified the vulnerability in version 2.32.0
  • 2025-04-11 Contacted the project
  • 2025-04-18 Vulnerability disclosed to the project
  • 2025-06-25 Uploaded advisories to the project's GitHub repository
  • 2025-06-25 CVE ID assigned by GitHub
  • 2025-06-26 Fix released in version 2.33.10

References

Credits

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/filebrowser/filebrowser/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.33.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/filebrowser/filebrowser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-52995"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-30T17:46:22Z",
    "nvd_published_at": "2025-06-30T20:15:25Z",
    "severity": "HIGH"
  },
  "details": "## Summary ##\n\nThe *Command Execution* feature of Filebrowser only allows the execution of shell command which have been predefined on a user-specific allowlist. The implementation of this allowlist is erroneous, allowing a user to execute additional commands not permitted.\n\n## Impact ##\n\nA user can execute more shell commands than they are authorized for. The concrete impact of this vulnerability depends on the commands configured, and the binaries installed on the server or in the container image. Due to the missing separation of *scopes* on the OS-level, this could give an attacker access to all files managed the application, including the File Browser database.\n\n## Vulnerability Description ##\n\nFor a user to make use of the command execution feature, two things need to happen in advance:\n\n1. An administrator needs to grant that account the `Execute commands` permission\n2. The command to be executed needs to be listed in the `Commands` input field (also done by an administrator)\n\nIf a user tries to execute a different command, it gets rejected by the application.\n\nThe allowlist verification of a command happens in the function `CanExecute` in the file `users/users.go`:\n\n```go\n// CanExecute checks if an user can execute a specific command.\nfunc (u *User) CanExecute(command string) bool {\n\tif !u.Perm.Execute {\n\t\treturn false\n\t}\n\n\tfor _, cmd := range u.Commands {\n\t\tif regexp.MustCompile(cmd).MatchString(command) {\n\t\t\treturn true\n\t\t}\n\t}\n\n\treturn false\n}\n```\n\nThis check employs a regular expression which does not test if the command issued (`command`) is identical to a configured one (`cmd`, part of the array `u.Commands`) but rather only if the issued command contains an allowed one.\nThis has the consequence, that, e.g., if you are only granted access to the `ls` command, you will also be allowed to execute `lsof` and `lsusb`.\n\nAs a prerequisite, an attacker needs an account with the `Execute Commands` permission and some permitted commands.\n\n## Proof of Concept ##\n\nGrant a user the `Execute commands` permission and allow them to use only `ls` in the `Commands` field.\n\n![image](https://github.com/user-attachments/assets/30b84315-16bd-4b8f-ba30-2a395c89f002)\n\nAfterwards, login as that user, open a command execution window and execute `lsof` and `lsusb`.\n\n![image](https://github.com/user-attachments/assets/f40baf90-832e-4ced-a596-bc75cf691549)\n\n## Recommended Countermeasures ##\n\nThe `CanExecute` function in the *Filebrowser* source code should be fixed to only allow exact matches of the command specified instead of doing partial matching.\nThe correctness of this fix should be extensively tested in the application\u0027s automated test suite.\n\n## Timeline ##\n\n* `2025-03-25` Identified the vulnerability in version 2.32.0\n* `2025-04-11` Contacted the project\n* `2025-04-18` Vulnerability disclosed to the project\n* `2025-06-25` Uploaded advisories to the project\u0027s GitHub repository\n* `2025-06-25` CVE ID assigned by GitHub\n* `2025-06-26` Fix released in version 2.33.10\n\n## References ##\n\n* [Original Advisory](https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-05_Filebrowser_Bypass_Command_Execution_Allowlist)\n\n## Credits ##\n\n* Mathias Tausig ([SBA Research](https://www.sba-research.org/))",
  "id": "GHSA-w7qc-6grj-w7r8",
  "modified": "2025-08-04T20:32:20Z",
  "published": "2025-06-30T17:46:22Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-w7qc-6grj-w7r8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52995"
    },
    {
      "type": "WEB",
      "url": "https://github.com/filebrowser/filebrowser/commit/4d830f707fc4314741fd431e70c2ce50cd5a3108"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/filebrowser/filebrowser"
    },
    {
      "type": "WEB",
      "url": "https://github.com/filebrowser/filebrowser/releases/tag/v2.33.10"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-05_Filebrowser_Bypass_Command_Execution_Allowlist"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2025-3795"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "File Browser vulnerable to command execution allowlist bypass"
}

GHSA-W7VV-CHH5-RJFJ

Vulnerability from github – Published: 2024-10-24 21:31 – Updated: 2024-10-25 21:31
VLAI
Details

A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-48142"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-24T19:15:15Z",
    "severity": "HIGH"
  },
  "details": "A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.",
  "id": "GHSA-w7vv-chh5-rjfj",
  "modified": "2024-10-25T21:31:27Z",
  "published": "2024-10-24T21:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48142"
    },
    {
      "type": "WEB",
      "url": "https://github.com/soursec/CVEs/tree/main/CVE-2024-48142"
    },
    {
      "type": "WEB",
      "url": "https://monica.im/desktop"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

If at all possible, use library calls rather than external processes to recreate the desired functionality.

Mitigation
Implementation

If possible, ensure that all external commands called from the program are statically created.

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation
Operation

Run time: Run time policy enforcement may be used in an allowlist fashion to prevent use of any non-sanctioned commands.

Mitigation
System Configuration

Assign permissions that prevent the user from accessing/opening privileged files.

CAPEC-136: LDAP Injection

An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.

CAPEC-15: Command Delimiters

An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.

CAPEC-183: IMAP/SMTP Command Injection

An adversary exploits weaknesses in input validation on web-mail servers to execute commands on the IMAP/SMTP server. Web-mail servers often sit between the Internet and the IMAP or SMTP mail server. User requests are received by the web-mail servers which then query the back-end mail server for the requested information and return this response to the user. In an IMAP/SMTP command injection attack, mail-server commands are embedded in parts of the request sent to the web-mail server. If the web-mail server fails to adequately sanitize these requests, these commands are then sent to the back-end mail server when it is queried by the web-mail server, where the commands are then executed. This attack can be especially dangerous since administrators may assume that the back-end server is protected against direct Internet access and therefore may not secure it adequately against the execution of malicious commands.

CAPEC-248: Command Injection

An adversary looking to execute a command of their choosing, injects new items into an existing command thus modifying interpretation away from what was intended. Commands in this context are often standalone strings that are interpreted by a downstream component and cause specific responses. This type of attack is possible when untrusted values are used to build these command strings. Weaknesses in input validation or command construction can enable the attack and lead to successful exploitation.

CAPEC-40: Manipulating Writeable Terminal Devices

This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect once the attack has succeeded.

CAPEC-43: Exploiting Multiple Input Interpretation Layers

An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: <parser1> --> <input validator> --> <parser2>. In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.

CAPEC-75: Manipulating Writeable Configuration Files

Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.