inclusionAI AWorld OS Command Injection Vulnerability
Vulnerability
A critical OS command injection vulnerability has been identified in inclusionAI AWorld versions prior to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. The issue arises in the file 'AWorld/aworld/virtual_environments/terminals/shell_tool.py', where user-supplied commands are executed using 'subprocess.run()' and 'subprocess.Popen()' with the 'shell' parameter set to 'True'. This configuration allows attackers to inject malicious commands that are then executed by the system, potentially leading to severe consequences such as system damage or data loss. The vulnerability can be exploited remotely, although the attack's complexity is considered high.
Impact
Exploitation of this vulnerability allows for arbitrary OS command execution, with the potential for significant system damage or data loss.
Reproduction
The vulnerability can be reproduced by inputting a command injection payload into the application interface that accepts shell commands. For example, injecting a command like '; rm -rf /' would execute the malicious command after the original command, causing catastrophic data loss. Alternatively, a more discreet approach could involve downloading and executing a backdoor script from a remote server.
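The following is an added example, not AWorld's code or its patch. It contrasts the 'shell=True' pattern described above with a no-shell form on a constructed, harmless input. The function names and the allowlist are hypothetical, and a POSIX system with 'echo' on the PATH is assumed.

```python
import shlex
import subprocess

# Hypothetical allowlist for this example; not taken from AWorld.
ALLOWED_PROGRAMS = {"echo", "ls", "cat"}


def run_with_shell(command: str) -> str:
    """The pattern the advisory describes: the whole string is handed to /bin/sh,
    so ';', '&&', '|' and '$(...)' are interpreted as shell syntax."""
    done = subprocess.run(command, shell=True, capture_output=True,
                          text=True, timeout=5)
    return done.stdout


def run_without_shell(command: str) -> str:
    """Hardened form: tokenize into argv, check the program name, and execute
    directly so no shell ever parses the input."""
    argv = shlex.split(command)
    if not argv or argv[0] not in ALLOWED_PROGRAMS:
        raise ValueError(f"program not allowed: {argv[:1]!r}")
    done = subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=5)
    return done.stdout


# Constructed, harmless input: the ';' stands in for an injected second command.
SAMPLE = "echo hello; echo INJECTED"

if __name__ == "__main__":
    print("shell=True :", run_with_shell(SAMPLE).splitlines())
    print("shell=False:", run_without_shell(SAMPLE).splitlines())
    try:
        run_without_shell("sh -c 'echo INJECTED'")
    except ValueError as exc:
        print("rejected   :", exc)
```

Dropping the shell removes metacharacter interpretation only; arguments passed to an allowed program still need their own validation.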
