Attack Chain

1. An attacker crafts a malicious input string containing shell metacharacters (e.g., $(...)).
2. This malicious string is passed as the userSnippet parameter to the extractSignals() function within src/gep/evolver.js.
3. The extractSignals() function processes the user snippet and extracts a summary.
4. The extracted summary, which includes the malicious payload, is passed as the corpus parameter to the vulnerable _extractLLM() function in src/gep/signals.js.
5. The _extractLLM() function constructs a curl command by concatenating strings, embedding the unsanitized corpus parameter within the command string.
6. The curl command is executed using execSync(), which interprets the shell metacharacters and executes the injected commands.
7. The injected commands are executed with the privileges of the Node.js process.
8. The attacker achieves remote code execution, enabling them to perform actions such as data exfiltration or system compromise.

Impact

Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the server hosting the evolver application. This can lead to full system compromise, allowing attackers to steal sensitive data, install malware, or pivot to other systems on the network. The vulnerability affects anyone running the evolver with the GEP (Genetic Evolution Protocol) enabled and processing user-provided content. The affected package is npm/@evomap/evolver (vulnerable: < 1.69.3).

Recommendation

• Upgrade the @evomap/evolver package to version 1.69.3 or later to patch the vulnerability.
• Deploy the Sigma rule “Detect Evolver Command Injection Attempt” to identify attempts to exploit this vulnerability by detecting shell metacharacters in process execution logs.
• Review and sanitize all user-provided content before it is processed by the extractSignals() and _extractLLM() functions.
• Implement strict input validation to prevent shell metacharacters from reaching the vulnerable code.