
@huntr-helper

https://huntr.dev/users/d3m0n-r00t has fixed the Remote Code Execution vulnerability 🔨. d3m0n-r00t has been awarded $25 for fixing the vulnerability through the huntr bug bounty program 💵. Think you could fix a vulnerability like this?

Get involved at https://huntr.dev/

| Q | A |
| --- | --- |
| Version Affected | ALL |
| Bug Fix | YES |
| Original Pull Request | 418sec#1 |
| Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/npm/gitwin/1/README.md |

User Comments:

📊 Metadata *

Fixed RCE in gitwin

Bounty URL: https://www.huntr.dev/bounties/1-npm-gitwin

⚙️ Description *

The gitwin module is vulnerable to RCE since a command is crafted from unvalidated user input and then executed, leading to arbitrary command injection.

💻 Technical Description *

Fixed RCE by using execFile instead of exec

🐛 Proof of Concept (PoC) *

```javascript
// PoC as posted: the unvalidated `path` value is spliced into a shell command
// string, so `;` ends the git invocation, `touch HACKED` runs as a second
// command, and `#` comments out whatever follows.
var _gitwin = require('gitwin');
var gitwin = new _gitwin();
gitwin.path = "test; touch HACKED; #";
gitwin.pull();
```


🔥 Proof of Fix (PoF) *

Fixed RCE by using execFile

👍 User Acceptance Testing (UAT)

App seems to run fine.

@JamieSlome

JamieSlome commented Oct 23, 2020

@jhaker @UHAKEJO - let me know if you have any questions or thoughts!

Cheers! 🍰
