Argument Injection Vulnerability in ggit - 惯性聚合

推荐订阅源

Full Disclosure

WordPress大学

人人都是产品经理

大猫的无限游戏

freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More

Vulnerabilities – Threatpost

Hugging Face - Blog

博客园_首页

CXSECURITY Database RSS Feed - CXSecurity.com

The Hacker News

奇客Solidot–传递最新科技情报

Attack and Defense Labs

SegmentFault 最新的问题

Simon Willison's Weblog

The Cloudflare Blog

阮一峰的网络日志

Tailwind CSS Blog

Last Week in AI

博客园 - 【当耐特】

Google Online Security Blog

美团技术团队

OSCHINA 社区最新新闻

Visual Studio Blog

罗磊的独立博客

LINUX DO - 最新话题

博客园 - Franky

博客园 - 叶小钗

Apple Machine Learning Research

The Last Watchdog

Java Code Geeks

酷壳 – CoolShell

Cyber Attacks, Cyber Crime and Cyber Security

Cisco Talos Blog

博客园 - 三生石上(FineUI控件)

Help Net Security

钛媒体：引领未来商业与生活新知

NodeJS Security & NodeJS Secure Coding's Blog

Hardening Your npm and pnpm Configs in the Age of Shai-Hulud Argument Injection vulnerability in git-blame@1.4.0 Argument Injection vulnerability in `gits@0.1.8` Command Injection vulnerability in `@fab1o/git@1.4.0` Command Injection vulnerability in `git-contributors` via unsanitized CLI arguments Command Injection vulnerability in `git-q@0.0.3` Command injection vulnerability via unsanitized CLI arguments in touxing/fast-git-clone Command Injection vulnerability in `willitmerge@0.2.1` A Directory Traversal Vulnerability I found in Mastra AI Frameworks MCP Server Mastering NPX: A Cheatsheet for npm and Node.js Power Users Mitigate Supply Chain Security with DevContainers and 1Password for Node.js Local Development The Tale of the Vulnerable MCP Database Server Bad Security Defaults in Mastra AI Frameworks Templates SQL Injection and Bypassing "Read-Only" Mode in Xata's MCP Server Security Advisory for qix npm supply-chain compromise affecting debug and billions of weekly download users How to Mitigate SQL Bypass in MCP Servers Enhancing MCP Server Security: A Guide to Using execFile How to Bypass Access Control in PostgreSQL in Simple PSQL MCP Server for SQL Injection Command Injection Flaws in ggit: Unveiling a Vulnerability Command Injection Vulnerability in Create MCP Server STDIO Tool Exposes System Monitoring Functions GitHub Kanban MCP Server Command Injection Vulnerability Threatens Developer Workflows Critical Command Injection Flaw in iOS Simulator MCP Server Exposes Development Environments Command Injection Vulnerability Discovered in Codehooks MCP Server: A Critical Security Analysis SSRF Shenanigans in safe-axios: Redirects Open the Backdoor SSRF Vulnerability in safe-axios: Unintended Public Address Classification Bypassing SSRF Safeguards in ssrfcheck: A Case of Incomplete Denylists Don't Be Fooled by Multicast, SSRF Bypass in private-ip Node.js Authentication from Lucia to Better Auth Bypassing SSRF Protection in nossrf: When Your Safeguards Become Loopholes Vue CLI Security Fix to Mitigate NPM Binary Planting Node.js API Security Vulnerabilities with Path Traversal in files-bucket-server Will You Accept These GPT 4o Secure Coding Recommendations? Command Injection Vulnerability in interactive-git-checkout npm package An Introduction to SSRF Bypasses and Denylist Failures Disclosing a Command Injection Vulnerability in `git-checkout-tool` Prisma Raw Query Leads to SQL Injection? Yes and No Flawed Git Promises Library on npm Leads to Command Injection Vulnerability Regex Gone Wrong: How parse-duration npm Package Can Crash Your Node.js App How I found an XSS in the Nuxt MDC Library for Markdown Content Holes in the Safety Net: Bypassing SSRF Protection in safe-axios How to Parse URLs from Markdown to HTML Securely? NPM Ignore Scripts Best Practices as Security Mitigation for Malicious Packages Where to find npm vulnerabilities? How to Hunt for IDOR Vulnerabilities To Exploit Security Misconfiguration? How to Avoid JWT Security Mistakes in Node.js Can a Node.js Secure Code Review Find Future Vulnerabilities? The Okta bcrypt Security Incident and The Bun vs Node.js Angle in Secure By Design NodeJS Path Traversal Vulnerability Scanner Do not use secrets in environment variables and here's how to do it better How to use npm audit How to use yarn audit Raw SQL Queries are Actually Better for Security Than ORMs? Node API Security Is Node.js Secure? URL Regex Validation: what can go wrong? Uncovering a Prototype Pollution Regression in the core Node.js project Deno CLI Vulnerability Repeats npm mistakes: CVE-2024-37150 Security skills for JavaScript developers Understanding and Preventing Prototype Pollution in Node.js How to protect against a security breach in React Server Components IDOR Vulnerability: What is it and how to prevent it? The security vulnerability of serving images via a route as opposed to static middleware in Node.js Why is it considered a bad practice to write raw SQL commands? JS Security Concepts for JavaScript Developers Secure Coding Practices in Node.js Against Path Traversal Vulnerabilities Secure JavaScript Coding Practices Against Command Injection Vulnerabilities To IDOR or Not to IDOR: Insecure Direct Object Reference in JavaScript Applications Explained npm vulnerabilities: reviewing the security of your dependencies Disclosing code injection vulnerabilities in safe-eval-2 npm package Introducing Node.js Security Permissions Model, Threat Model, and Security Releases Common Node.js Security Issues and How to Mitigate Them How JavaScript developers should embrace npm security The XZ backdoor CVE-2024-3094: a JavaScript perspective Node.js Security Best Practices The Case for Node.js Secure Configuration Protecting Against Common Node.js Vulnerabilities Input Validation Security Best Practices for Node.js A Node.js Vulnerability Scanner to Avoid Security Risks of EOL Runtime Versions JavaScript Security Issues in Node.js Applications OWASP Node.js Authentication, Authorization and Cryptography Practices OWASP Node.js Best Practices Guide Secure JavaScript Coding to Avoid Insecure Direct Object References (IDOR) North Korea malware on npm and Ledger connect-kit crypto heist 10 Best Practices for Secure Code Review of Node.js code Node.js and OWASP Top Ten Command Injection: Don't Let Your App Go 'BOOM' Secure Code Review Tips to Defend Against Vulnerable Node.js Code Destroyed by Dashes: How Two Hyphens Cause Argument Injection Vulnerability in blamer npm Package Securing Your Node.js Apps by Analyzing Real-World Command Injection Examples An Introduction to Command Injection Vulnerabilities in Node.js and JavaScript

Argument Injection Vulnerability in ggit

2025-09-04 · via NodeJS Security & NodeJS Secure Coding's Blog

The reported security disclosure details an Argument Injection vulnerability in the ggit npm package version 2.4.12 and earlier. Let’s break down the issue and how to address it.

Let’s breakdown the Argument Injection vulnerability in ggit:

Affected Function: The vulnerability exists in the clone function of ggit.
Input Validation Issue: The function doesn’t properly validate or sanitize user-provided input, particularly the url parameter.
Missing Flag Separation: The library doesn’t use the -- flag to separate command-line options from arguments passed to the git binary.
Exploitable Option: The --upload-pack option in the Git command allows specifying a custom command to execute on the remote server. However, in this case, it’s being used to inject arbitrary commands on the user’s machine.

Exploit Scenario

The provided Proof-of-Concept (POC) code demonstrates how an attacker can exploit this vulnerability:

The attacker provides a malicious URL that includes the --upload-pack option followed by a command to create a file named pwned in the /tmp directory.
Since the library doesn’t properly handle the URL, the entire string is passed to the git binary as a single argument.
The --upload-pack option is interpreted by the git binary, and the subsequent command to create the file is executed on the user’s machine.

Vulnerable Code and Argument Injection Exploit

Install ggit@2.4.12 or earlier
Establish the following POC:

const clone = require("ggit").cloneRepo;
clone({
    url: "--upload-pack=$(touch /tmp/pwned)",
    folder: "/tmp/dbd",
}).then(function () {
    console.log("cloned repo to destination folder");
});

Impact

This vulnerability can allow attackers to execute arbitrary commands on a user’s system with the privileges of the user running the ggit library. This could lead to data theft, system compromise, or other malicious activities.

Conclusion

Argument Injection vulnerabilities can be serious security risks. It’s crucial to keep software libraries updated and to validate user input whenever possible to prevent such attacks. By following these recommendations, you can help mitigate the risk associated with this vulnerability in ggit.

此内容由惯性聚合(RSS阅读器)自动聚合整理，仅供阅读参考。原文来自 — 版权归原作者所有。