Daniel Miessler Personal AI Infrastructure OS Command Injection Vulnerability

A command injection vulnerability has been identified in Daniel Miessler's Personal AI Infrastructure (PAI) version 2.3.0 and prior. The issue resides in the Parser skill, specifically within the 'parse_url.ts' file. The vulnerability allows remote execution of arbitrary commands on the host system by exploiting the application's URL processing feature, which uses shell-based command execution without proper sanitization. This flaw could lead to a full compromise of the machine running PAI.

Impact

Exploitation of this vulnerability allows for remote command execution on the host system, potentially leading to a complete takeover of the machine. Additionally, there is a risk of unauthorized access to sensitive personal data stored within the PAI directory, which could be exfiltrated or misused.

Reproduction

To reproduce this vulnerability, upload a URL containing shell metacharacters to the PAI assistant. The AI will process the URL using the vulnerable 'parse_url.ts' script, executing the command injection payload on the host system.

Remediation

Users are advised to update to PAI version 2.3.1 or later, where this vulnerability has been patched. The update is available on the project's GitHub Releases page.