Glances has a Command Injection via Process Names in Action Command Templates

Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables (e.g., `{{name}}`, `{{key}}`) that are populated with runtime monitoring data. The `secure_popen()` function, which executes these commands, implements its own pipe, redirect, and chain operator handling by splitting the command string before passing each segment to `subprocess.Popen(shell=False)`. Prior to 4.5.2, when a Mustache-rendered value (such as a process name, filesystem mount point, or container name) contains pipe, redirect, or chain metacharacters, the rendered command is split in unintended ways, allowing an attacker who controls a process name or container name to inject arbitrary commands. Version 4.5.2 fixes the issue.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

glances 操作系统命令注入漏洞

glances是Nicolas Hennion个人开发者的一款系统监测工具。 Glances 4.5.2之前版本存在操作系统命令注入漏洞，该漏洞源于Mustache模板变量包含元字符时命令拆分不当，可能导致控制进程名或容器名的攻击者注入任意命令。

N/A

N/A