
Shell injection constant strings#27840

Open

jiafatom wants to merge 1 commit into main from print_con

Conversation

@jiafatom
Contributor

@jiafatom jiafatom commented Mar 25, 2026

Description

See below

Motivation and Context

Summary: The vulnerability lies in the ONNX Runtime's validate_package.py script, which uses unsanitized string concatenation with os.system() to construct shell commands. This allows attackers to inject arbitrary shell commands via the --package_name argument, leading to potential remote code execution. The issue affects the release validation pipeline, which operates with elevated privileges, exposing sensitive credentials and secrets. The root cause is the lack of input sanitization and the use of os.system() for command execution.

Affected code locations:

tools/nuget/validate_package.py line 241: os.system("tar zxvf " + package_name)
tools/nuget/validate_package.py line 339: os.system("copy " + full_nuget_path + " " + nupkg_copy_name)
Suggested fix: Replace os.system() with subprocess.run() using argument lists (no shell interpolation):

```python
import shutil
import subprocess

# Instead of: os.system("tar zxvf " + package_name)
# Argument list, no shell: package_name reaches tar as a single argument.
subprocess.run(["tar", "zxvf", package_name], check=True)

# Instead of: os.system("copy " + full_nuget_path + " " + nupkg_copy_name)
# Plain file copy, no shell and no platform-specific "copy" command.
shutil.copy2(full_nuget_path, nupkg_copy_name)
```
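The hardened form of the two calls above, as an added example that is not the PR's code or part of the onnxruntime repository: the package name is validated as a bare file name (assumed extensions .tgz, .tar.gz or .nupkg, and the `run` injection point exists only so the extraction can be exercised without tar), then passed to subprocess.run as one argv element and to shutil.copy2.

```python
import re
import shutil
import subprocess
from pathlib import Path

# Assumed policy for this example: a package name must be a plain file name
# (no path separators, no shell metacharacters, no leading dash that tar would
# read as an option) with one of the extensions the validation script handles.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*\.(tgz|tar\.gz|nupkg)$")


def validate_package_name(package_name: str) -> str:
    """Return package_name unchanged if it is a plain file name, else raise."""
    if not SAFE_NAME.fullmatch(package_name):
        raise ValueError(f"unsafe package name: {package_name!r}")
    return package_name


def tar_extract_argv(package_name: str) -> list[str]:
    """Build the argv list that replaces os.system("tar zxvf " + package_name).

    Each list element reaches tar as exactly one argument; no shell parses the
    string, so characters such as ';' or '$(' cannot start a second command.
    """
    return ["tar", "zxvf", validate_package_name(package_name)]


def extract_package(package_name: str, run=subprocess.run) -> None:
    """Extract with shell=False (the default for a list) and fail loudly."""
    run(tar_extract_argv(package_name), check=True)


def copy_package(full_nuget_path: str, nupkg_copy_name: str) -> Path:
    """Replace os.system("copy " + ...) with a library call: no shell, no
    Windows-only command, and an exception instead of a silent exit code."""
    dest = Path(nupkg_copy_name)
    shutil.copy2(full_nuget_path, dest)
    return dest
```

Rejecting the name up front matters because the argv form alone still lets a name such as `../x.tgz` or `-x.tgz` change where tar reads from; the list form removes the shell, the validator removes the rest.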

@jiafatom jiafatom enabled auto-merge (squash) March 26, 2026 02:31
