This repository has been archived by the owner on Aug 13, 2021. It is now read-only.
Security Fix for Remote Code Execution - huntr.dev #10
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixed Code Execution bug on empeem
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://huntr.dev/app/users/Asjidkalam has fixed the Remote Code Execution vulnerability 🔨. Asjidkalam has been awarded $25 for fixing the vulnerability through the huntr bug bounty program 💵. Think you could fix a vulnerability like this?
Get involved at https://huntr.dev/
Q | A
Version Affected | ALL
Bug Fix | YES
Original Pull Request | 418sec#1
GitHub Issue URL | #9
Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/npm/enpeem/1/README.md
User Comments:
📊 Metadata *
Please enter the direct URL for this bounty on huntr.dev. This is compulsory and will help us process your bounty submission quicker.
Bounty URL: https://www.huntr.dev/app/bounties/open/1-npm-enpeem
⚙️ Description *
Fixed the code execution by replacing an unsafe way to execute the commands (
exec) with a cleaner function (execFile).💻 Technical Description *
There are a few instances in the index.js file calling
exec, which wraps theexecfunction from child_process. I've replaced this call toexecFilein the index.js file so we can reliably pass arguments to it. This solves the code injection issue as provided in the POC.🐛 Proof of Concept (PoC) *
Create a project with the vulnerable package and run the following snippet, a file named
HACKEDshould appear in the current working directory, demonstrating the code execution issue.🔥 Proof of Fix (PoF) *
After applying the fix, run the snippet again and no file was created, hence the code execution in mitigated.
👍 User Acceptance Testing (UAT)
The only line of code changed was
exectoexecFile, and no external libraries are used. So it doesn't break the code.References:
https://gist.github.com/evilpacket/5a9655c752982faf7c4ec6450c1cbf1b