Chris Wild

Rank: #22773 of 53,633
Total CVSS: 10
Vulnerabilities: 1
PT-2025-27631 · 10 · 2025-07-02 · Maltrail · Maltrail · CVE-2025-34073
Name of the Vulnerable Software and Affected Versions: Maltrail versions <=0.54

Description: An unauthenticated command injection issue exists, allowing a remote attacker to execute arbitrary operating system commands via the `username` parameter in a POST request to the "/login" endpoint. This occurs due to unsafe handling of user-supplied input passed to `subprocess.check_output()` in core/http.py, enabling injection of shell metacharacters. Exploitation does not require authentication, and commands are executed with the privileges of the Maltrail process.

Recommendations: For Maltrail versions <=0.54, as a temporary workaround, consider disabling the `subprocess.check_output()` call in core/http.py or restricting access to the "/login" endpoint until a patch is available. Avoid using the `username` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.