Description
Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces.
To mitigate, users should update to the latest version.
EPSS
Percentile: 11%
0.00037
Low
7.8 High
CVSS3
Weaknesses
CWE-78
Related vulnerabilities
CVSS3: 7.8
github
29 days ago
Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to version 0.6.18.