OpenHands Command Injection Vulnerability in Git Diff Handler

Vulnerability

A command injection vulnerability has been identified in OpenHands versions through 1.4.0. The issue arises in the 'get_git_diff()' method, where the 'path' parameter from the '/api/conversations/{conversation_id}/git/diff' endpoint is interpolated into a shell command without sanitization or escaping. This flaw allows authenticated attackers to execute arbitrary commands within the agent sandbox, bypassing the normal agent execution channels. The root cause is inadequate input validation: because the parameter reaches a shell, shell metacharacters in it are interpreted as command syntax rather than as part of a file path.

Impact

Exploitation of this vulnerability allows authenticated users to execute arbitrary commands on the server with elevated privileges, potentially leading to unauthorized access or modification of sensitive files and application data.

Reproduction

To reproduce this vulnerability, send a request to the '/api/conversations/{conversation_id}/git/diff' endpoint with a 'path' parameter that includes shell metacharacters, such as a semicolon followed by a command. The injected command will be executed on the server, demonstrating the command injection flaw.

Remediation

Users should update to OpenHands version 1.5.0 or later, which addresses the vulnerability by properly sanitizing the 'path' parameter before it is used in shell commands.
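To make the remediation concrete, the following is an added illustration and not OpenHands' own code: a diff handler that validates the user-supplied path against the repository root and invokes git with an argument list (no shell), so metacharacters and a leading '-' in the path cannot alter the command that runs. The repository root and the helper names are assumptions for this example.

```python
import subprocess
from pathlib import Path

# Constructed sample value for the example; a real handler would take the
# conversation's workspace directory from its own configuration.
SAMPLE_REPO = "/srv/openhands/workspace"


def build_git_diff_argv(repo_root: str, path: str) -> list[str]:
    """Return the argv for `git diff` on one file, or raise ValueError.

    The path must be non-empty, contain no NUL byte, and resolve to a location
    inside repo_root. It is passed as its own argv element after `--`, so the
    kernel receives it as a file name: neither `;`, `|`, backticks nor a
    leading `-` can turn it into a second command or a git option.
    """
    if not path or "\x00" in path:
        raise ValueError("empty or NUL-containing path")
    root = Path(repo_root).resolve()
    # Resolve `..` components and symlinks before checking containment;
    # joining an absolute path discards root, so it is caught here as well.
    candidate = (root / path).resolve()
    if candidate != root and root not in candidate.parents:
        raise ValueError(f"path escapes repository: {path!r}")
    rel = candidate.relative_to(root)
    return ["git", "-C", str(root), "diff", "--", str(rel)]


def is_safe_diff_path(repo_root: str, path: str) -> bool:
    """Boolean wrapper around build_git_diff_argv for request validation."""
    try:
        build_git_diff_argv(repo_root, path)
        return True
    except ValueError:
        return False


def run_git_diff(repo_root: str, path: str) -> str:
    """Run the diff without shell=True; the argv list goes straight to exec."""
    argv = build_git_diff_argv(repo_root, path)
    result = subprocess.run(argv, capture_output=True, text=True, check=False)
    if result.returncode != 0:
        raise RuntimeError(result.stderr.strip() or "git diff failed")
    return result.stdout
```

A path such as "README.md; echo x" is accepted by the validator only because it is now harmless: it reaches git as one literal file name, and git reports no such path rather than executing anything.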

Added: Mar 27, 2026, 1:32 AM
Updated: Mar 27, 2026, 1:32 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.3
remediation: 0.0
relevance: 4.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.