- affected product: https://github.com/tiagorlampert/CHAOS
- affected version: commit before 1b451cf62582295b7225caf5a7b506f0bad56f6b & 24c9e109b5be34df7b2bce8368eae669c481ed5e
- vulnerability type: RCE (Command Injection)

In `services/client_service.go`, the author uses `fmt.Sprintf()` to build `buildStr`, then executes it with `exec.Command()`: