Vuln: Arbitrary command execution in package downloading
xslendix opened this issue · 2 comments
xslendix commented
Here: https://github.com/statulr/aurc/blob/main/src/aurc_aur.c#L53 if the package name is something like this: `&&funny_stuff`, this can very easily be used for code execution.
This could be fixed in two ways:
- Using libcurl instead of `system`
- Making sure the name is good by checking something like `[a-Z0-9_-]+`
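As an added example (not aurc's code and not written by the issue author), here is the second fix from the list, a whitelist check applied before the name reaches `system()`. The accepted character set (letters, digits, `_`, `-`) and the clone URL format are assumptions, not taken from the project.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example, not aurc's own code. It implements the second fix the
 * issue proposes: refuse any package name that is not a plain identifier
 * before it is ever embedded in a shell command. The accepted set (letters,
 * digits, '_' and '-') is an assumption taken from the issue's suggested
 * pattern; the project would widen it to whatever names it must accept. */

#define PKGNAME_MAX 128

/* Returns 1 if name is safe to embed in a shell command, 0 otherwise. */
int is_safe_pkgname(const char *name)
{
    if (name == NULL)
        return 0;
    size_t len = strlen(name);
    if (len == 0 || len > PKGNAME_MAX)
        return 0;
    /* A leading '-' could be parsed as an option by the downloader. */
    if (name[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        /* Anything outside the whitelist (e.g. '&', ';', '|', '$', '`',
         * spaces, quotes) is rejected, so shell metacharacters never pass. */
        if (!(isalnum(c) || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* Builds the download command only for validated names.
 * Returns 1 and fills out on success, 0 (with out[0] == '\0') otherwise.
 * The URL format is an assumption, not the project's real one. */
int build_clone_cmd(char *out, size_t outsz, const char *name)
{
    if (outsz == 0)
        return 0;
    if (!is_safe_pkgname(name)) {
        out[0] = '\0';
        return 0;
    }
    int n = snprintf(out, outsz, "git clone https://aur.archlinux.org/%s.git", name);
    return n > 0 && (size_t)n < outsz;
}

int main(void)
{
    /* Constructed inputs: one ordinary name, then the injection shape from the issue. */
    const char *tests[] = { "hello-world_pkg", "&&funny_stuff", "-leading-dash", "a b" };
    char cmd[256];
    for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++)
        printf("%-16s -> %s\n", tests[i],
               build_clone_cmd(cmd, sizeof cmd, tests[i]) ? cmd : "REJECTED");
    return 0;
}
```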
statulr commented
Working on now