Two Command Injection Vulnerabilities in Gerapy [CVE-2021-32849]
We discussed this vulnerability during Episode 103 on 29 November 2021
Two straightforward command injection issues in Gerapy.
The first is in the project_clone function, where the address of the Git project to clone is taken directly from the HTTP POST body and later used in the git clone {address}... command without any sanitization of control characters.
The second is similar but in project_parse. In this case, it reads an argument and value that are placed directly into a command string that is passed to a shell to be executed.
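The pattern described for project_clone, next to a hardened form, as an added example that is not Gerapy's code or its actual patch. The function names, the allowed schemes, the character allow-list and the sample addresses are assumptions made for illustration, and dest is assumed to be chosen by the server rather than by the request.

```python
import re
import subprocess
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https", "ssh"}  # assumption: what this deployment permits
# Allow-list with no whitespace, quotes or shell metacharacters.
SAFE_CHARS = re.compile(r"[A-Za-z0-9._~:/@%+-]+")


def clone_command_unsafe(address: str, dest: str) -> str:
    """The pattern described above: request data formatted into a shell string."""
    return f"git clone {address} {dest}"  # would then be run through a shell


def clone_argv(address: str, dest: str) -> list[str]:
    """Validate the address, then build an argument vector for use without a shell."""
    if not SAFE_CHARS.fullmatch(address):
        raise ValueError("address contains characters outside the allow-list")
    parts = urlsplit(address)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        raise ValueError("address must be an https:// or ssh:// URL with a host")
    # "--" ends option parsing, so neither value can be read as a git option.
    return ["git", "clone", "--", address, dest]


def clone(address: str, dest: str) -> subprocess.CompletedProcess:
    """Run git directly (no shell), so each list element stays one argument."""
    return subprocess.run(clone_argv(address, dest), check=True, timeout=300)


# Constructed sample inputs, not taken from the advisory.
GOOD = "https://example.invalid/team/spider.git"
BAD = "https://example.invalid/team/spider.git; echo INJECTED"

if __name__ == "__main__":
    print(clone_command_unsafe(BAD, "/tmp/p"))  # one string, two shell commands
    print(clone_argv(GOOD, "/tmp/p"))
    try:
        clone_argv(BAD, "/tmp/p")
    except ValueError as exc:
        print("rejected:", exc)
```

The same two measures apply to the project_parse case: pass the argument and value as separate list elements to the process call instead of formatting them into a string for a shell.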