Listen to this Post
The vulnerability exists in the `fetch` command handler within `index.js` at lines 752–767. When the `–out=` flag is provided, the code extracts the user-supplied path using `outFlag.slice(‘–out=’.length)` without any sanitization or validation. An attacker can supply a path containing `../` sequences, such as ../../../etc/cron.d, causing the application to write files to arbitrary filesystem locations. The `safeId` variable is sanitized with a regex replacement, but this sanitization only applies to the default path (when `–out=` is omitted). For user-controlled `–out=` paths, no validation occurs. The `fs.mkdirSync(outDir, { recursive: true })` then creates the directory (including parent directories via traversal) and subsequent file writes land inside the attacker-controlled outDir. This allows overwriting critical system files, planting cron jobs, modifying SSH authorized_keys, or replacing application code. The process privileges determine the extent of damage; if run as root or a high-privileged user, full system compromise follows.
dailycve form (3 words max per line):
Platform: Node.js app
Version: any (unpatched)
Vulnerability : path traversal write
Severity: high (medium?)
date: 2025-04-23
Prediction: Patch within 14d
What Undercode Say:
Identify vulnerable command usage
grep -rn "outFlag.slice('--out=')" index.js
Test path traversal locally
mkdir -p ./test-vuln
node -e "const fs=require('fs'); const out='../../../tmp/poc'; fs.mkdirSync(out,{recursive:true}); fs.writeFileSync(out+'/poc.txt','traversal');"
Monitor file writes outside allowed base
inotifywait -m -r --format '%w%f' /tmp/ | grep 'evolver'
Exploit:
Write to system cron directory (if write perms exist) node index.js fetch malicious-skill --out=../../../etc/cron.d Overwrite SSH authorized_keys of a user node index.js fetch any-skill --out=../../../home/victim/.ssh Plant webshell in web root node index.js fetch skill --out=../../../var/www/html
Protection from this CVE
- Validate and sanitize the `–out=` path: resolve it with `path.resolve()` and check that it stays inside an intended base directory (e.g.,
skills/).
2. Use `path.join(baseDir, userInput)` after stripping `../` sequences.
- Run the application with least privilege (non-root user) to limit write impact.
- Apply vendor patch once released (monitor CVE database for updated package).
Impact
- Arbitrary file write to any filesystem location → remote code execution via cron/webshell.
- Overwrite configuration or binaries → privilege escalation or DoS.
- Tamper with SSH keys → persistent unauthorized access.
- In CI/CD pipelines: compromise secrets or inject malicious artifacts.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

