SQLS Command Injection Vulnerability in Version 0.2.28
Vulnerability
A command injection vulnerability has been identified in SQLS version 0.2.28. The issue arises in the openEditor function, which improperly sanitizes the EDITOR environment variable and config file path before passing them to the shell. This flaw allows authenticated users to execute arbitrary commands with the same privileges as the SQLS process.
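The difference between the flawed and the fixed pattern is easiest to see in code. The following is an added example written for this page in Go (the language sqls is implemented in); it is not sqls's own code, and the function names `unsafeEditorCommand`, `safeEditorCommand` and `containsShellMeta` are assumptions made here. It contrasts building one shell command line from the EDITOR value and a config path (the shell then interprets any metacharacters in either value) with passing the editor and path as an argument vector that no shell ever parses, plus a check that rejects EDITOR values carrying shell metacharacters.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// unsafeEditorCommand shows the risky pattern (hypothetical reconstruction, not
// sqls's code): the editor name and the file path are interpolated into a single
// string that "sh -c" parses, so ';', '&&', '$(...)' and similar in either value
// are executed as shell syntax instead of being treated as data.
func unsafeEditorCommand(editor, path string) *exec.Cmd {
	line := fmt.Sprintf("%s %s", editor, path)
	return exec.Command("sh", "-c", line)
}

// containsShellMeta reports whether s carries characters a POSIX shell would
// interpret. The set is deliberately broad; a legitimate EDITOR value only needs
// a program name and optional flags.
func containsShellMeta(s string) bool {
	return strings.ContainsAny(s, ";&|`$<>(){}\n'\"\\")
}

// safeEditorCommand builds the command as an argv slice. EDITOR may legitimately
// contain flags (for example "code --wait"), so it is split on whitespace and the
// first field becomes the program; the path is appended as its own argument and is
// therefore never parsed by a shell regardless of its contents.
func safeEditorCommand(editor, path string) (*exec.Cmd, error) {
	fields := strings.Fields(editor)
	if len(fields) == 0 {
		return nil, errors.New("EDITOR is empty")
	}
	if containsShellMeta(editor) {
		return nil, fmt.Errorf("refusing EDITOR value with shell metacharacters: %q", editor)
	}
	args := append(fields[1:], path)
	cmd := exec.Command(fields[0], args...)
	// An interactive editor needs the terminal attached.
	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
	return cmd, nil
}

func main() {
	// Constructed sample values; the commands are built but not executed here.
	configPath := "/tmp/example-config.yml"
	fmt.Println("unsafe argv:", unsafeEditorCommand("vim", configPath).Args)
	if cmd, err := safeEditorCommand("code --wait", configPath); err == nil {
		fmt.Println("safe argv:  ", cmd.Args)
	}
	if _, err := safeEditorCommand("vim; echo injected", configPath); err != nil {
		fmt.Println("rejected:   ", err)
	}
}
```

The essential property of `safeEditorCommand` is that every element of `cmd.Args` reaches the editor process unchanged; the metacharacter check is a second layer that makes an obviously hostile EDITOR value fail loudly rather than launch an unexpected program.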
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the host system.
Reproduction
The vulnerability can be reproduced by setting the PKG_CONFIG_PATH environment variable with a command injection payload, such as one that creates a file. After this, installing the sharp package will trigger the injection, as the vulnerable function is called during the package's post-installation process.
Remediation
Users are advised to update to SQLS version 0.2.29 or later, where this vulnerability has been fixed.
