GHSA-5CXW-77WG-JRF3 PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context
Summary: PraisonAI's direct-prompt CLI automatically expands @url: mentions in raw prompt text before agent execution begins. If a prompt contains @url:, the CLI calls MentionsParser.process.... The @url: handler then performs a direct urllib.request.urlopen request to the attacker-controlled URL...
GHSA-G8R9-G2V8-JV6F GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution
Summary: A security vulnerability has been identified in GitHub Copilot CLI's shell tool that could allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files...
GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution
Summary: A security vulnerability has been identified in GitHub Copilot CLI's shell tool that could allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files...
MiracleLinux 8 : zsh-5.5.1-9.el8 (AXSA:2022-3376:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3376:01 advisory. zsh: Prompt expansion vulnerability (CVE-2021-45444) Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. No...
[slackware-security] zsh
New zsh packages are available for Slackware 15.0 to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/zsh-5.9-i586-1slack15.0.txz: Upgraded. This release fixes a security issue in zsh-5.8: Some prompt expansion sequences, such as %F, support 'argument...
Zsh: Prompt Expansion Vulnerability
Background: A shell designed for interactive use, although it is also a powerful scripting language. Description: Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details. Impact: A vulnerability in prompt expansion could be exploited throu...
GLSA-202407-01 : Zsh: Prompt Expansion Vulnerability
The remote host is affected by the vulnerability described in GLSA-202407-01 Zsh: Prompt Expansion Vulnerability Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly fro...
Medium: zsh
Issue Overview: A vulnerability was found in zsh in the parsecolorchar function of prompt.c file. This flaw allows an attacker to perform code execution if they control a command output inside the prompt, as stated by a %F%K argument. This occurs because of recursive PROMPTSUBST expansion...
SUSE CVE-2016-0634
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine...
Moderate: Red Hat Security Advisory: zsh security update
An update for zsh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
RLSA-2022:2120 Moderate: zsh security update
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell...
Moderate: zsh security update
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell...
zsh security update
An update is available for zsh. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The zsh shell is a command interpreter usable as an interactive login shell and a...
CentOS 8 : zsh (CESA-2022:2120)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:2120 advisory. - zsh: Prompt expansion vulnerability (CVE-2021-45444) Note that Nessus has not tested for this issue but has instead relied only on the application's self-report...
CLSA-2022-1648567705 Fix of CVE: CVE-2021-45444
CVE-2021-45444: do not expand PROMPTSUBST within argument of prompt-expansion sequences such as %F to avoid arbitrary code execution...
CLSA-2022-1648567648 Fix of CVE: CVE-2021-45444
CVE-2021-45444: do not expand PROMPTSUBST within argument of prompt-expansion sequences such as %F to avoid arbitrary code execution...
Medium: zsh
Issue Overview: A vulnerability was found in zsh in the parsecolorchar function of prompt.c file. This flaw allows an attacker to perform code execution if they control a command output inside the prompt, as stated by a %F%K argument. This occurs because of recursive PROMPTSUBST expansion...
openSUSE: Security Advisory for zsh (openSUSE-SU-2022:0735-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for zsh (important)
openSUSE Security Update: Security update for zsh Announcement ID: openSUSE-SU-2022:0735-1 Rating: important References: 1163882 1196435 Cross-References: CVE-2019-20044 CVE-2021-45444 CVSS scores: CVE-2019-20044 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-20044 SUSE: 7...
[SECURITY] [DLA 2926-1] zsh security update
Debian LTS Advisory DLA-2926-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 18, 2022 https://wiki.debian.org/LTS -...