Summary
A vulnerability was identified in the command parsing logic where Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of certain commands, an attacker able to influence prompts could abuse this weakness to execute additional arbitrary commands alongside the intended one.
Impact
This issue is of high complexity since it requires prompt injection capabilities and auto-approved command execution (off by default). However, the severity is high because successful exploitation results in arbitrary code execution.
Remediation
We updated the command parsing logic to correctly detect and block dangerous substitution patterns, requiring explicit approval before execution.
febou92 Reporter
Summary
A vulnerability was identified in the command parsing logic where Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of certain commands, an attacker able to influence prompts could abuse this weakness to execute additional arbitrary commands alongside the intended one.
Impact
This issue is of high complexity since it requires prompt injection capabilities and auto-approved command execution (off by default). However, the severity is high because successful exploitation results in arbitrary code execution.
Remediation
We updated the command parsing logic to correctly detect and block dangerous substitution patterns, requiring explicit approval before execution.