VYPR
Unrated severity · NVD Advisory · Published May 25, 2026

DTStack Taier REST API Runtime.exec os command injection

CVE-2026-9437

Description

A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to OS command injection. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stored OS command injection in the DTStack Taier 1.4.0 REST API allows remote attackers with task-creation privileges to execute arbitrary commands via the sqlText parameter.

Vulnerability

A stored OS command injection vulnerability exists in DTStack Taier version 1.4.0. A REST API endpoint accepts a sqlText parameter that is stored in MySQL without sanitization; when the job later runs, the stored text is concatenated into a command string and passed to Runtime.exec() with a sh -c prefix, so the shell interprets any metacharacters the text contains and arbitrary commands execute [1].

Exploitation

An attacker must have user credentials with task/job creation permissions to reach the REST API. The attacker submits SQL text containing shell metacharacters (e.g. ;, |, backticks) in the sqlText parameter. Because the text is stored in MySQL and only handed to the shell when the job runs, the injected command fires at execution time rather than at submission time, which separates the malicious request from the resulting process in time and in logs [1].

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary OS commands on the server with the privileges of the account running the Taier service. This leads to full compromise of confidentiality, integrity, and availability, potentially enabling data exfiltration, system modification, or lateral movement [1].

Mitigation

The vendor did not respond to the disclosure and no official fix is available. Until one exists, restrict REST API access (and task-creation rights) to trusted users and treat stored sqlText as hostile. Rejecting shell metacharacters at the API boundary is a partial, deny-list measure only; the durable fix is to stop passing sqlText through a shell at all and to invoke the target program directly with an explicit argument array (via ProcessBuilder or the String[] form of Runtime.exec()), so the text reaches the program as a single argument instead of as part of a sh -c command string. Switching to ProcessBuilder changes nothing if the argument list still begins with sh -c. As of publication, Taier 1.4.0 remains vulnerable [1].
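The pattern described above beside its hardened form, as an added example that is not Taier's code. The real job runner's binary and flags are not known from the advisory, so echo stands in for it here, and the sqlText payload is constructed for the demo; it requires a POSIX sh on PATH and Java 11 or later.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;

/**
 * Added example, not code from DTStack Taier. It reproduces the shape the
 * advisory describes (stored sqlText concatenated into a "sh -c" command
 * string) and contrasts it with a runner that never hands the text to a shell.
 *
 * Assumptions: "echo" stands in for the unknown job-runner binary, and the
 * payload below is constructed for the demo.
 */
public class SqlTextExecDemo {

    // Constructed payload: plausible SQL, then a shell command after ';'.
    static final String MALICIOUS_SQL_TEXT = "SELECT 1; id";

    /** Starts argv[0] directly (no shell) and returns its combined stdout+stderr. */
    static String runAndCapture(List<String> argv) throws IOException, InterruptedException {
        Process p = new ProcessBuilder(argv).redirectErrorStream(true).start();
        byte[] out = p.getInputStream().readAllBytes();
        p.waitFor();
        return new String(out, StandardCharsets.UTF_8);
    }

    /**
     * VULNERABLE: same pattern as the advisory. sqlText is spliced into a
     * string that sh parses, so ';' ends the intended command and "id" runs.
     * Using ProcessBuilder instead of Runtime.exec changes nothing here.
     */
    static String runVulnerable(String sqlText) throws IOException, InterruptedException {
        return runAndCapture(Arrays.asList("sh", "-c", "echo SQL: " + sqlText));
    }

    /**
     * HARDENED: no shell in the argv. sqlText is delivered to the program as
     * exactly one argument; ';' is just a byte inside that argument.
     */
    static String runHardened(String sqlText) throws IOException, InterruptedException {
        return runAndCapture(Arrays.asList("echo", "SQL:", sqlText));
    }

    /**
     * Boundary check for the API layer (defense in depth only). A deny-list of
     * the metacharacters the advisory names plus a few more. Single quotes are
     * left out because SQL string literals need them, which is exactly why a
     * deny-list is a weak control: sh syntax is larger than any such list, so
     * this must not replace removing the shell.
     */
    static boolean containsShellMetachars(String sqlText) {
        final String meta = ";|&`$<>(){}\n\r\\";
        for (int i = 0; i < sqlText.length(); i++) {
            if (meta.indexOf(sqlText.charAt(i)) >= 0) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Vulnerable: prints "SQL: SELECT 1" and then the output of id.
        System.out.print("vulnerable: " + runVulnerable(MALICIOUS_SQL_TEXT));
        // Hardened: prints the whole payload literally, "SQL: SELECT 1; id".
        System.out.print("hardened:   " + runHardened(MALICIOUS_SQL_TEXT));
        System.out.println("flagged by boundary check: " + containsShellMetachars(MALICIOUS_SQL_TEXT));
    }
}
```

Compile with javac and run; the difference between the two runners is the presence of sh in the argument list, not the choice of ProcessBuilder over Runtime.exec. The boundary check is shown only so the trade-off is visible: it catches this payload but would also have to reject quotes and dollar signs to be thorough, and legitimate SQL uses both.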

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 4

News mentions: 0 (no linked articles in the index yet)