Baget Exploit 2021

Resource: Baget exploit (2021)

  1. Compile or download a proof-of-concept exploit (available publicly since Jan 2022).
  2. Run as unprivileged user:
     ./cve-2021-4034
  3. Result: Root shell.
  1. An attacker creates a malicious package with a specially crafted composer.json file.
  2. The attacker convinces a developer to install the malicious package using Composer.
  3. When the package is installed, the malicious code is executed, potentially allowing the attacker to take control of the system.

Tested Platform:

The vulnerability was confirmed on Linux systems running version 1.0/2.0 of the software.

The Exploit