Sherlock Command Injection Vulnerability in GitHub Actions Workflow

Vulnerability

A command injection vulnerability has been identified in the GitHub Actions workflow 'validate_modified_targets.yml' of the Sherlock project, prior to version 0.16.1. This vulnerability allows any GitHub user to execute arbitrary commands on the Continuous Integration (CI) runner and exfiltrate the 'GITHUB_TOKEN' simply by opening a pull request. The issue arises because the workflow takes JSON key names from a file controlled by the pull request author and interpolates them directly into a shell command. Exploitation does not require the pull request to be approved, reviewed, or merged.

Impact

Successful exploitation yields arbitrary command execution on the CI runner and unauthorized access to the 'GITHUB_TOKEN'. With that token, an attacker can approve pull requests (bypassing code review requirements) and manipulate repository issues and pull requests as if acting as the project's automation.

Reproduction

To reproduce this vulnerability, fork the Sherlock repository and open a pull request with a crafted 'data.json' key that includes shell metacharacters. This will trigger the 'validate_modified_targets.yml' workflow, which processes the injected command and exfiltrates the 'GITHUB_TOKEN' to an external server. Once the token is received, it can be used to approve the pull request, bypassing any review process.

Remediation

Users are advised to update to Sherlock version 0.16.1 or later, and to modify the 'validate_modified_targets.yml' workflow to replace direct JSON key name interpolation with a shell environment variable, while disabling credential persistence.
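One way to apply this remediation in a workflow, as an added illustration that is not Sherlock's actual 'validate_modified_targets.yml': the untrusted key names reach the shell only through an environment variable, the checkout does not persist the token, and the job's token scope is reduced. The file name data.json comes from the advisory; the step ids and the validate_target.sh script are placeholders.

```yaml
# Added illustration, not the Sherlock project's actual workflow file.
# Assumption: the repository holds a data.json object whose keys are the
# target names; step ids and validate_target.sh are placeholders.
name: validate-modified-targets
on: pull_request

permissions:
  contents: read              # least privilege for the job's GITHUB_TOKEN

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not store the token in .git/config on the runner

      - id: keys
        run: |
          # Emit the key names as one compact JSON array: string data, never shell syntax.
          echo "keys=$(jq -c 'keys' data.json)" >> "$GITHUB_OUTPUT"

      # VULNERABLE PATTERN (do not use): a ${{ }} expression inside `run:` is
      # substituted into the script text before bash starts, so a key name
      # containing shell metacharacters is parsed as part of the command.
      #   run: |
      #     for key in ${{ steps.keys.outputs.keys }}; do ./validate_target.sh "$key"; done

      # HARDENED PATTERN: pass the untrusted value through `env:`; bash then
      # sees it only as the contents of a variable, never as script text.
      - name: Validate each target key
        env:
          KEYS: ${{ steps.keys.outputs.keys }}
        run: |
          jq -r '.[]' <<< "$KEYS" | while IFS= read -r key; do
            ./validate_target.sh "$key"      # placeholder for the real validation command
          done
```

Because the key names are parsed by jq and handed to the validator as a quoted argument, a key such as `"x; curl ..."` is treated as an ordinary string rather than a second command.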

Added: May 28, 2026, 3:37 AM
Updated: May 28, 2026, 3:37 AM

Vulnerability Rating

Custom Algorithm

  spread:          0.0
  impact:         10.0
  exploitability:  6.6
  remediation:     0.0
  relevance:       9.1
  threat:          6.4
  urgency:         2.9
  incentive:       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.