Registrator GitHub App Argument Injection Vulnerability in Clone URL Handling Allowing Remote Code Execution

Vulnerability

A critical argument injection vulnerability has been identified in the Registrator GitHub app in versions prior to 1.9.5. The flaw is in the 'gettreesha()' function, which passes an externally supplied repository clone URL into a command it executes. Because the URL is not protected from being parsed as a command-line option, a crafted value can inject additional arguments into that command. The clone URL is normally provided by GitHub, so exploitation requires the URL to be malicious or to have been manipulated through an upstream vulnerability; in that case the result can be remote code execution on the host running Registrator. Users are advised to upgrade to version 1.9.5 immediately; no workaround is available.

Impact

An attacker who controls the clone URL that reaches 'gettreesha()' can inject arguments into the command it executes and, through them, run arbitrary code on the system hosting the Registrator app.

Reproduction

Run a Registrator GitHub app version prior to 1.9.5 and arrange for 'gettreesha()' to be invoked with a clone URL under attacker control; in the advisory's threat model this URL comes from GitHub and is either malicious or manipulated through an upstream vulnerability. When 'gettreesha()' builds and runs its command, the crafted URL is parsed as additional arguments to that command rather than as a repository location, leading to remote code execution.

Remediation

Upgrade to Registrator version 1.9.5 or later, which addresses this vulnerability. No workaround is available for earlier versions.
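The following Python example is added here for illustration; it is not Registrator's code and does not reproduce the fix shipped in 1.9.5. It models the class of bug described under Vulnerability and Reproduction: an externally supplied clone URL placed on a git command line with nothing stopping git from parsing it as an option. Beside it is one hardened form, an allow-list of HTTPS GitHub repository URLs followed by a '--' terminator. The sample URLs, function names and the allow-list are constructed for this example and are assumptions, not details taken from Registrator.

```python
"""Argument injection through a git clone URL: vulnerable vs. hardened argv.

Added illustration, not Registrator's code. A clone URL received from an
external source (here, constructed sample values) is placed on a git command
line. No shell is involved, so quoting does not help: git itself parses a
leading '-' as an option, and some transports run programs by design.
"""
import re
import subprocess

# Constructed sample inputs (not taken from any real payload).
BENIGN_URL = "https://github.com/JuliaRegistries/General.git"
OPTION_URL = "--upload-pack=touch /tmp/pwned"            # git reads this as a clone option
EXT_URL = "ext::sh -c 'touch /tmp/pwned'"                # ext:: transport runs a program
DASH_HOST_URL = "ssh://-oProxyCommand=touch%20/tmp/x/y"  # ssh host beginning with '-'


def vulnerable_clone_argv(url: str, dest: str) -> list[str]:
    """Vulnerable shape: the URL is appended where git still accepts options.

    With url == OPTION_URL the command becomes
    git clone --depth 1 --upload-pack=touch /tmp/pwned <dest>
    so git parses the value as its --upload-pack option (the program it runs
    to serve the fetch) and <dest> becomes the repository argument.
    """
    return ["git", "clone", "--depth", "1", url, dest]


# Allow-list (an assumption for this example): HTTPS GitHub repository URLs only,
# no userinfo, port, query string or fragment. Owner names on GitHub are
# alphanumeric plus hyphens, never starting with a hyphen, at most 39 chars.
_GITHUB_HTTPS = re.compile(
    r"^https://github\.com/(?P<owner>[A-Za-z0-9][A-Za-z0-9-]{0,38})"
    r"/(?P<repo>[A-Za-z0-9_.-]{1,100})$"
)


def is_safe_clone_url(url: str) -> bool:
    """Accept only https://github.com/<owner>/<repo>[.git].

    Rejects option-shaped values, every non-HTTPS transport (ext::, ssh://,
    file paths) and path-traversal names.
    """
    if url.startswith("-"):
        return False
    m = _GITHUB_HTTPS.match(url)
    if m is None:
        return False
    repo = m.group("repo")
    if repo.endswith(".git"):
        repo = repo[:-4]
    return repo not in ("", ".", "..")


def safe_clone_argv(url: str, dest: str) -> list[str]:
    """Hardened shape: validate first, then end option parsing with '--'.

    After '--' git treats every remaining word as positional, so even an
    option-shaped value that slipped past validation could not become a flag.
    """
    if not is_safe_clone_url(url):
        raise ValueError(f"refusing to clone from {url!r}")
    return ["git", "clone", "--depth", "1", "--", url, dest]


def rejects(url: str) -> bool:
    """True if safe_clone_argv refuses url; shows the guard without running git."""
    try:
        safe_clone_argv(url, "work")
    except ValueError:
        return True
    return False


def clone(url: str, dest: str) -> None:
    """Run the hardened command (not executed by the demonstration below)."""
    subprocess.run(safe_clone_argv(url, dest), check=True)


if __name__ == "__main__":
    for candidate in (BENIGN_URL, OPTION_URL, EXT_URL, DASH_HOST_URL):
        print(f"{candidate!r}")
        print(f"  vulnerable argv: {vulnerable_clone_argv(candidate, 'work')}")
        print(f"  accepted by allow-list: {is_safe_clone_url(candidate)}")
```

The allow-list does the real work: '--' alone stops a leading dash from becoming an option, but it does not stop git from honouring a transport such as ext:: or an ssh host that is itself option-shaped, which is why the hardened path validates the URL before it ever reaches argv.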

Added: Jun 25, 2025, 6:14 PM
Updated: Jun 25, 2025, 6:14 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.7
remediation: 7.7
relevance: 0.2
threat: 1.6
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.