Security Fix for Remote Code Execution - huntr.dev

[huntr-helper]

https://huntr.dev/users/d3m0n-r00t has fixed the Remote Code Execution vulnerability 🔨. d3m0n-r00t has been awarded $25 for fixing the vulnerability through the huntr bug bounty program 💵. Think you could fix a vulnerability like this?

Get involved at https://huntr.dev/

Q | A
Version Affected | ALL
Bug Fix | YES
Original Pull Request | 418sec#1
Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/npm/heroku-exec-util/1/README.md

User Comments:

📊 Metadata *

Fixed RCE in heroku-exec-util

Bounty URL: https://www.huntr.dev/bounties/1-npm-heroku-exec-util

⚙️ Description *

The heroku-exec-util module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection

💻 Technical Description *

Fixed RCE in heroku-exec-util using execFile in the place of exec.

🐛 Proof of Concept (PoC) *

var heu = require('heroku-exec-util');
heu.ssh({args:{}},'test; touch HACKED; #','','test',{path:'test'})

🔥 Proof of Fix (PoF) *

Fixed RCE by using execFile.

👍 User Acceptance Testing (UAT)

App seems to be working fine.

[JamieSlome]

@jkutner - let me know if you have any thoughts or questions!

Cheers! 🍰