Langflow Unauthenticated Remote Shell Injection Vulnerability in GitHub Actions Workflows

Vulnerability

A remote shell injection vulnerability has been identified in multiple GitHub Actions workflows within the Langflow repository, affecting versions prior to 1.9.0. This vulnerability arises from the unsanitized interpolation of GitHub context variables, such as `${{ github.head_ref }}`, in `run:` steps: the expression is substituted into the script text before the shell runs it, so quoting inside the script does not help. Attackers can exploit this by injecting arbitrary shell commands through a malicious branch name or pull request title. The exploitation of this vulnerability could lead to the exfiltration of secrets like the `GITHUB_TOKEN`, manipulation of infrastructure, or compromise of the supply chain during CI/CD execution.

Impact

Exploitation of this vulnerability allows for shell injection and remote code execution within the CI environment. This could result in unauthorized access to CI secrets, such as the `GITHUB_TOKEN`, and the potential to misuse these secrets, for example, by pushing malicious tags or images, tampering with releases, or leaking sensitive infrastructure information.

Reproduction

To reproduce this vulnerability, fork the Langflow repository and create a new branch with a name that includes a command to exfiltrate the `GITHUB_TOKEN` via a curl request to an external server. Then, open a pull request from this branch to the main branch. This will trigger the GitHub Actions workflow that contains the vulnerability. The injected command will be executed, and the `GITHUB_TOKEN` will be sent to the specified external server.

Remediation

Users are advised to update to Langflow version 1.9.0 or later. For those unable to update, refactor affected workflows so that user-controlled context values are passed into the step through an `env:` entry and referenced in the script as a double-quoted shell variable (for example `"$BRANCH"`), rather than interpolating `${{ ... }}` expressions directly in `run:` steps. The environment variable is an ordinary string to the shell, so metacharacters in a branch name or pull request title are not parsed as commands.
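The following is an added example for this advisory, not code from the Langflow repository. It shows the vulnerable pattern described above (a `${{ github.* }}` expression inside a `run:` step) beside the remediated form (the value moved into `env:` and read as `"$VAR"`), and a small scanner that a defender can run over a checkout's `.github/workflows/*.yml` files to find remaining occurrences. The two workflow snippets are constructed for the example; the list of untrusted context paths is an illustrative subset of the contexts GitHub documents as attacker-influenced, and the scanner is line-based (it does not need a YAML library), so it is a triage aid rather than a complete parser.

```python
import re
import sys
from pathlib import Path
from typing import List, Tuple

# Illustrative subset of context paths whose values are controlled by
# whoever opens a pull request, issue or comment. Extend to taste.
UNTRUSTED_CONTEXT_PREFIXES = (
    "github.head_ref",
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.pull_request.head.ref",
    "github.event.pull_request.head.label",
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.comment.body",
    "github.event.review.body",
    "github.event.review_comment.body",
    "github.event.head_commit.message",
    "github.event.head_commit.author.name",
    "github.event.head_commit.author.email",
    "github.event.commits",
    "github.event.discussion.title",
    "github.event.discussion.body",
    "github.event.workflow_run.head_branch",
)

EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")          # ${{ expression }}
RUN_RE = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")         # a run: key, list item or not


def is_untrusted(expr: str) -> bool:
    """True if the expression is, or starts with, an attacker-influenced context path."""
    e = expr.strip()
    return any(e == p or e.startswith(p + ".") or e.startswith(p + "[")
               for p in UNTRUSTED_CONTEXT_PREFIXES)


def find_unsafe_interpolations(workflow_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, expression) for every untrusted ${{ }} inside a run: step.

    Handles single-line `run: cmd` and block scalars `run: |` / `run: >`, whose
    body is every following line indented deeper than the run: key.
    """
    findings: List[Tuple[int, str]] = []
    in_block = False
    block_indent = 0
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = RUN_RE.match(line)
        if m:
            key_indent = len(m.group(1)) + (len(m.group(2)) if m.group(2) else 0)
            rest = m.group(3)
            if rest.startswith(("|", ">")):       # block scalar: body follows
                in_block, block_indent = True, key_indent
                continue
            in_block = False
            findings += [(lineno, e.group(1)) for e in EXPR_RE.finditer(rest)
                         if is_untrusted(e.group(1))]
            continue
        if in_block:
            if not line.strip():
                continue                          # blank lines do not end a block
            if len(line) - len(line.lstrip()) <= block_indent:
                in_block = False                  # dedent: back at the step mapping
                continue
            findings += [(lineno, e.group(1)) for e in EXPR_RE.finditer(line)
                         if is_untrusted(e.group(1))]
    return findings


# Constructed sample: the vulnerable pattern from the advisory.
VULNERABLE_WORKFLOW = """\
name: ci
on: pull_request
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Print branch
        run: echo "Building ${{ github.head_ref }}"
      - name: Announce
        run: |
          echo "PR: ${{ github.event.pull_request.title }}"
          echo "sha: ${{ github.sha }}"
"""

# Constructed sample: the remediated form (value via env:, read as "$VAR").
HARDENED_WORKFLOW = """\
name: ci
on: pull_request
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Print branch
        env:
          BRANCH: ${{ github.head_ref }}
        run: echo "Building $BRANCH"
      - name: Announce
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "PR: $PR_TITLE"
          echo "sha: ${{ github.sha }}"
"""

if __name__ == "__main__":
    # With paths given, scan real workflow files; otherwise scan the samples.
    targets = [(p, Path(p).read_text()) for p in sys.argv[1:]] or [
        ("vulnerable.yml", VULNERABLE_WORKFLOW), ("hardened.yml", HARDENED_WORKFLOW)]
    for name, text in targets:
        for lineno, expr in find_unsafe_interpolations(text):
            print(f"{name}:{lineno}: untrusted context in run: step: ${{{{ {expr} }}}}")
```

Run it with no arguments to see the two findings in the vulnerable sample and none in the hardened one, or pass `.github/workflows/*.yml` to scan a repository. Expressions that only reference values such as `github.sha` are not reported, since those are not under a contributor's control.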

Added: Mar 24, 2026, 2:02 PM
Updated: Mar 24, 2026, 2:02 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 1.7
exploitability: 5.8
remediation: 7.7
relevance: 4.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.