Name of the Vulnerable Software and Affected Versions: Saltcorn versions prior to the fixed version

Description: The issue arises from the use of user-controlled data in the git clone command without proper validation, leading to a command injection vulnerability. This allows an attacker with admin permissions to execute arbitrary commands by adding escaping characters to the req.body.name value. The vulnerability is exploited through the child process.execSync API. The estimated number of potentially affected devices is not provided, and there is no information about real-world incidents where this issue was exploited.

Technical details about exploitation include:

Recommendations: For Saltcorn versions prior to the fixed version, sanitize the pluginDir value before passing it to execSync. Alternatively, use the child process.execFileSync API to mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.