The `filterToDefinedArgumentsOnly` function in OliveTin’s executor is designed to discard any arguments not explicitly defined in an action’s configuration. However, a special case allows any argument whose name starts with `ot_` to bypass this filter entirely. While two system arguments—ot_executionTrackingId and ot_username—are injected by OliveTin and properly overridden, all other user-supplied ot_-prefixed arguments pass through unmodified.
These bypassed arguments are not type-checked because the validation loop only iterates over the action’s defined arguments, meaning ot_-prefixed arguments skip all type safety checks. They are also set as environment variables via the `buildEnv()` function with completely unvalidated values and passed directly to the executed command. Additionally, they are included in the template context, available as `.Arguments.ot_` in template rendering.
The root cause lies in the `keepArgument` function (lines 728–731 in executor.go), which returns `true` for any argument name that either exists in `definedNames` or has the prefix ot_. The `injectSystemArgs` function (lines 742–745) only overrides the two system arguments, leaving any other ot_-prefixed argument untouched. Finally, `buildEnv` (lines 867–882) takes all arguments, converts their names to uppercase, and appends them as environment variables without any validation—allowing values to contain newlines, shell metacharacters, null bytes, or arbitrary data.
An attacker can send a `StartAction` request with extra ot_-prefixed arguments such as `ot_custom_var` with value `"arbitrary unvalidated content \n with newlines"` and `ot_another` with value `"$(whoami)"`. These arguments pass through `filterToDefinedArgumentsOnly` due to the `ot_` prefix exemption, are never type-checked, become environment variables `OT_CUSTOM_VAR` and `OT_ANOTHER` in the executed command’s environment, and are available in the template rendering context as `.Arguments.ot_custom_var` and `.Arguments.ot_another`.
The impact includes environment variable pollution—attackers can set arbitrary environment variables (with an `OT_` uppercased prefix) in the execution environment of any action they can trigger. This creates potential for secondary exploitation if any executed script or command reads OT_-prefixed environment variables, as the unvalidated content could cause unexpected behavior. Template context pollution is also possible; although Go’s `text/template` does not recursively evaluate data values (mitigating direct template injection), the extra arguments are accessible and could interact unexpectedly with custom template logic.
The suggested fix is to remove the `ot_` prefix exception from `keepArgument` or restrict it to only the two known system arguments. The vulnerability was identified through manual source code review of the OliveTin repository, focusing on input validation boundaries, argument filtering logic, and file path construction—no automated scanners or fuzzing tools were used.
DailyCVE Form:
Platform: OliveTin
Version: 3000.10.2
Vulnerability: Argument Filter Bypass
Severity: High
Date: 2026-03-05
Prediction: 2026-06-17
What Undercode Say:
Analytics from the advisory and commit history show that the issue was introduced by the `ot_` prefix exception in `keepArgument` and remained undetected until manual code review uncovered the bypass. The fix was committed in version 3000.14.0 with the message: “security: GHSA-prj9-97mp-mwh2 (HIGH) Treat all ot_ system arguments as reserved, preventing RCE”.
Bash commands and codes related to the vulnerability:
```bash
# Check affected version
olivetin --version

# PoC: Send a StartAction request with malicious ot_ arguments
curl -X POST http://localhost:8080/api/StartAction \
  -H "Content-Type: application/json" \
  -d '{
    "bindingId": "test-action",
    "arguments": [
      {"name": "ot_custom_var", "value": "arbitrary unvalidated content \n with newlines"},
      {"name": "ot_another", "value": "$(whoami)"}
    ]
  }'

# Verify environment variables in the executed command:
# the command will receive OT_CUSTOM_VAR and OT_ANOTHER with the injected values
```
Affected code snippet (executor.go):
```go
// Filter bypass — lines 728–731
// Any name carrying the ot_ prefix is kept even if the action never defined it.
func keepArgument(name string, definedNames map[string]struct{}) bool {
	_, ok := definedNames[name]
	return ok || strings.HasPrefix(name, "ot_")
}

// System args override — lines 742–745
// Only the two known system arguments are overwritten; other ot_ names survive untouched.
func injectSystemArgs(req ExecutionRequest) {
	req.Arguments["ot_executionTrackingId"] = req.TrackingID
	req.Arguments["ot_username"] = req.AuthenticatedUser.Username
}

// Unvalidated environment variable assignment — lines 867–882
// Every surviving argument becomes an uppercased environment variable; the value is not checked.
func buildEnv(args map[string]string) []string {
	ret := append(os.Environ(), "OLIVETIN=1")
	for k, v := range args {
		varName := fmt.Sprintf("%v", strings.TrimSpace(strings.ToUpper(k)))
		if varName == "" {
			continue
		}
		ret = append(ret, fmt.Sprintf("%v=%v", varName, v))
	}
	return ret
}
```
Exploit:
An attacker with access to the OliveTin API can exploit this vulnerability by including ot_-prefixed arguments in a `StartAction` request. Because the filter bypasses these arguments, they are not validated or type-checked. The unvalidated values are then converted to environment variables (uppercased with `OT_` prefix) and passed to the executed command. If the target action runs a script that reads custom environment variables, the attacker can inject arbitrary content—including newlines, shell metacharacters, or null bytes—potentially leading to command injection or other unexpected behavior. The exploit does not require any special privileges beyond the ability to trigger an action.
Protection:
Upgrade to OliveTin version 3000.14.0 or later, which contains the fix that treats all `ot_` system arguments as reserved. If upgrading is not immediately possible, apply the suggested fix by modifying the `keepArgument` function to restrict the `ot_` prefix exception to only the two known system arguments:
```go
// systemArgs enumerates the only ot_-prefixed names OliveTin itself injects.
var systemArgs = map[string]struct{}{
	"ot_executionTrackingId": {},
	"ot_username":            {},
}

// keepArgument now accepts an argument only if the action defines it or it is a known system argument.
func keepArgument(name string, definedNames map[string]struct{}) bool {
	_, isDefined := definedNames[name]
	_, isSystem := systemArgs[name]
	return isDefined || isSystem
}
```
Additionally, review any custom actions that rely on ot_-prefixed environment variables and ensure they do not trust unsanitized input.
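To make the difference between the two filters concrete, the following program is an added, self-contained example (not code from the OliveTin project) that places the pre-fix predicate beside the restricted one and runs both over a constructed request containing one defined argument, a real system argument, and the two attacker-supplied `ot_` names from the advisory. The `filterArgs` and `buildEnvVars` helpers are assumptions standing in for `filterToDefinedArgumentsOnly` and `buildEnv`; `buildEnvVars` omits `os.Environ()` so the output shows exactly which `OT_*` variables would reach the child process, and `filterArgs` also returns the dropped names so a deployment can log rejected arguments as a detection signal.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// systemArgs lists the only ot_-prefixed names OliveTin itself injects.
// Any other name with the prefix is caller-controlled input.
var systemArgs = map[string]struct{}{
	"ot_executionTrackingId": {},
	"ot_username":            {},
}

// keepArgumentVulnerable mirrors the pre-fix logic: any ot_ prefix bypasses the filter.
func keepArgumentVulnerable(name string, definedNames map[string]struct{}) bool {
	_, ok := definedNames[name]
	return ok || strings.HasPrefix(name, "ot_")
}

// keepArgumentFixed restricts the exception to the known system arguments.
func keepArgumentFixed(name string, definedNames map[string]struct{}) bool {
	_, isDefined := definedNames[name]
	_, isSystem := systemArgs[name]
	return isDefined || isSystem
}

// filterArgs (hypothetical helper) keeps only the arguments the predicate accepts
// and reports the names it dropped, sorted, so a caller can log the rejection.
func filterArgs(args map[string]string, defined []string,
	keep func(string, map[string]struct{}) bool) (kept map[string]string, dropped []string) {
	definedNames := make(map[string]struct{}, len(defined))
	for _, d := range defined {
		definedNames[d] = struct{}{}
	}
	kept = make(map[string]string)
	for name, value := range args {
		if keep(name, definedNames) {
			kept[name] = value
		} else {
			dropped = append(dropped, name)
		}
	}
	sort.Strings(dropped)
	return kept, dropped
}

// buildEnvVars (hypothetical helper) mirrors buildEnv's name handling without
// os.Environ(), returning a sorted list of the NAME=value pairs the child would see.
func buildEnvVars(args map[string]string) []string {
	var ret []string
	for k, v := range args {
		varName := strings.TrimSpace(strings.ToUpper(k))
		if varName == "" {
			continue
		}
		ret = append(ret, fmt.Sprintf("%v=%v", varName, v))
	}
	sort.Strings(ret)
	return ret
}

func main() {
	// Constructed request: one defined argument, one genuine system argument,
	// and the two attacker-supplied ot_ names from the advisory.
	request := map[string]string{
		"hostname":      "web01",
		"ot_username":   "alice",
		"ot_custom_var": "arbitrary unvalidated content \n with newlines",
		"ot_another":    "$(whoami)",
	}
	defined := []string{"hostname"}

	kept, dropped := filterArgs(request, defined, keepArgumentVulnerable)
	fmt.Printf("vulnerable filter: env=%q dropped=%q\n", buildEnvVars(kept), dropped)

	kept, dropped = filterArgs(request, defined, keepArgumentFixed)
	fmt.Printf("fixed filter:      env=%q dropped=%q\n", buildEnvVars(kept), dropped)
}
```

With the vulnerable predicate every `ot_` name survives and `OT_CUSTOM_VAR` and `OT_ANOTHER` appear in the environment; with the restricted predicate only `HOSTNAME` and `OT_USERNAME` remain and the two extra names are reported as dropped, which is the event worth alerting on.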
Impact:
- Environment Variable Pollution: Attackers can set arbitrary environment variables with an `OT_` prefix in the execution environment of any action they can trigger, potentially influencing scripts or programs that read these variables.
- Secondary Exploitation: If any executed script or command reads OT_-prefixed environment variables, the unvalidated content could cause unexpected behavior, including command injection or logic flaws.
- Template Context Pollution: Although Go’s `text/template` does not recursively evaluate data values, the extra arguments are accessible in the template context and could interact unexpectedly with custom template logic, potentially leading to information disclosure or other issues.
- Risk Elevation: In environments where OliveTin runs with elevated privileges (e.g., as root inside Docker containers), the impact of successful exploitation is significantly higher, potentially allowing full system compromise.
Sources:
Reported By: github.com