DSAI-Cline OS Command Injection Vulnerability Leading to Remote Code Execution
Vulnerability
A critical OS command injection vulnerability has been identified in DSAI-Cline's command auto-approval module, affecting versions through 1.1.2. This vulnerability undermines the module's whitelist security mechanism, allowing attackers to execute arbitrary commands. The issue arises because the command validation logic only parses strings for dangerous operators and command substitution patterns, neglecting raw newline characters. By inserting a newline between a whitelisted command and malicious code, an attacker can trick the system into approving the command as safe. The PowerShell interpreter then executes both commands sequentially, enabling remote code execution without user interaction.
Impact
Exploitation of this vulnerability allows for remote code execution on the system where DSAI-Cline is running.
Reproduction
To reproduce this vulnerability, use DSAI-Cline version 1.1.2 or earlier. The vulnerability can be triggered by embedding a newline character between a whitelisted command and a malicious payload. For example, inserting a newline between 'git log' and a harmful command will cause DSAI-Cline to misinterpret it as a safe command, leading to execution of the malicious code.
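The validation gap described above, next to a fail-closed check, as an added JavaScript example that is not DSAI-Cline's own code. The allowlist, the operator pattern, and the function names are assumptions made for illustration, and the sample commands are constructed.

```javascript
// Hypothetical allowlist of command prefixes (the project's real list is not on the page).
const ALLOWED = [["git", "log"], ["git", "status"]];

// Operators and substitution patterns a string-scanning validator looks for.
// Note that no line-break character appears here.
const DANGEROUS = /[;&|`<>]|\$\(/;

// Prefix match on whitespace-split tokens. \s also matches \n and \r,
// so a line break is silently treated like a space between arguments.
function matchesAllowlist(cmd) {
  const tokens = cmd.trim().split(/\s+/);
  return ALLOWED.some((prefix) => prefix.every((tok, i) => tokens[i] === tok));
}

// Model of the flawed logic: operators and substitution only.
function naiveIsAutoApproved(cmd) {
  return matchesAllowlist(cmd) && !DANGEROUS.test(cmd);
}

// Control characters (including \n, \r, tab) and Unicode line separators.
const CONTROL_OR_LINE_BREAK = /[\u0000-\u001f\u007f\u0085\u2028\u2029]/;

// Hardened check: a command must be a single line of printable text
// before any allowlist logic runs; anything else needs manual approval.
function strictIsAutoApproved(cmd) {
  if (typeof cmd !== "string" || CONTROL_OR_LINE_BREAK.test(cmd)) return false;
  return matchesAllowlist(cmd) && !DANGEROUS.test(cmd);
}

// Constructed samples; the second line of the multi-line ones is a harmless marker.
const SAMPLES = [
  "git log --oneline -5",
  "git log; Write-Output INJECTED",
  "git log\nWrite-Output INJECTED",
  "git log\r\nWrite-Output INJECTED",
];

// Returns one row per sample showing how each validator decides.
function compareValidators(samples) {
  return samples.map((cmd) => ({
    cmd: JSON.stringify(cmd),
    naive: naiveIsAutoApproved(cmd),
    strict: strictIsAutoApproved(cmd),
  }));
}

console.table(compareValidators(SAMPLES));
```

Rejecting every control character also refuses tabs, which is the intended fail-closed behaviour: such commands fall back to manual approval instead of being auto-approved.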
