WorkClaw OS Command Injection Vulnerability in Blacklist Handler

A command injection vulnerability has been identified in WorkClaw versions through 0.6.4. The issue resides in the Blacklist Handler component, specifically within the 'is_dangerous' function of 'apps/runtime/src-tauri/src/agent/tools/bash.rs'. This vulnerability allows for OS command injection, which can be executed remotely. The problem stems from flawed blacklist-based command filtering, which fails to adequately detect and block malicious command variants. Despite being publicly disclosed, the project maintainers have not yet addressed the issue.

Impact

Exploitation of this vulnerability allows for arbitrary OS command execution on the host system, potentially leading to severe consequences such as data loss, system damage, or unauthorized access to sensitive information.

Reproduction

The vulnerability can be reproduced by using the 'is_dangerous' function, which incorrectly filters out dangerous commands. Malicious commands can be crafted to bypass the detection, such as those with multiple spaces, absolute paths, line breaks, or quoted parameters. Commands that are commonly known to be harmful but not included in the application's blacklist can also be used to exploit this vulnerability.