This repository has been archived by the owner on Dec 19, 2023. It is now read-only.

Fixed RCE in heroku-exec-util #1

Merged
merged 1 commit into from
Sep 14, 2020

Conversation

d3m0n-r00t

@d3m0n-r00t d3m0n-r00t commented Sep 9, 2020

📊 Metadata *

Fixed RCE in heroku-exec-util

Bounty URL: https://www.huntr.dev/bounties/1-npm-heroku-exec-util

⚙️ Description *

The heroku-exec-util module is vulnerable to RCE, since a command is crafted from unvalidated user input and then executed, leading to arbitrary command injection.

💻 Technical Description *

Fixed RCE in heroku-exec-util by using execFile in place of exec.

🐛 Proof of Concept (PoC) *

```javascript
var heu = require('heroku-exec-util');
// The second argument is attacker-controlled; before the fix it was spliced
// into a shell command string, so the "; touch HACKED; #" suffix ran as
// separate shell commands instead of being treated as a literal value.
heu.ssh({args:{}},'test; touch HACKED; #','','test',{path:'test'})
```

🔥 Proof of Fix (PoF) *

Fixed RCE by using execFile.

👍 User Acceptance Testing (UAT)

App seems to be working fine.


@Mik317 Mik317 left a comment


LGTM 😄 🦖

Cheers,
Mik


@bbeale bbeale left a comment


Nice fix 👍


@mufeedvh mufeedvh left a comment


Great fix! 👏🎉

LGTM

@JamieSlome JamieSlome merged commit a396c83 into 418sec:master Sep 14, 2020
@huntr-helper

Congratulations d3m0n-r00t - your fix has been selected! 🎉

Thanks for being part of the community & helping secure the world's open source code.
If you have any questions, please respond in the comments section, or hit us up on Discord. Your bounty is on its way - keep hunting!

Come join us on Discord
