Security Fix for RCE on "mrgit" - huntr.dev

[huntr-helper]

https://huntr.dev/users/alromh87 has fixed the RCE on "mrgit" vulnerability 🔨. alromh87 has been awarded $25 for fixing the vulnerability through the huntr bug bounty program 💵. Think you could fix a vulnerability like this?

Get involved at https://huntr.dev/

Q | A
Version Affected | ALL
Bug Fix | YES
Original Pull Request | 418sec#1
Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/npm/mrgit/1/README.md

User Comments:

📊 Metadata *

Bounty URL: https://www.huntr.dev/bounties/1-npm-mrgit

⚙️ Description *

mrgit was vulnerable against arbitrary command injection cause some user supplied inputs were taken and executed with shelljs function without prior validation.
After update Arbitary Code Execution is avoided

💻 Technical Description *

Comands are executed using shelljs without sanitization, leading to Arbitrary Code Execution, missing sanitization was added

🐛 Proof of Concept (PoC) *

Install the package and run the below code:

const diff = require( './lib/commands/diff' );
diff.execute({arguments:['test; touch HACKED; #'], toolOptions:{packages:'', }, repository:{directory:''}})

It will create a file HACKED in the working directory.

🔥 Proof of Fix (PoF) *

After fix no file is created

👍 User Acceptance Testing (UAT)

Commands can be executed normally