95 matches found
CVE-2025-53098
Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the .roo/mcp.json file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would hav...
CVE-2025-53097
Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's search_files tool did not respect the setting to disable reads outside of the VS Code workspace. This means that an attacker who was able to inject a prompt into the agent coul...
CVE-2025-53098 Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol
Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the .roo/mcp.json file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would hav...
CVE-2025-53098
Roo Code prior to version 3.20.3 stores the MCP configuration in .roo/mcp.json. The MCP config format allows executing arbitrary commands, enabling an attacker who can submit prompts (e.g., via prompt injection) and who has MCP enabled and auto-approve file writes turned on to inject a malicious ...
CVE-2025-53097 Roo Code extension vulnerable to Potential Information Leakage via JSON Schema
Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's search_files tool did not respect the setting to disable reads outside of the VS Code workspace. This means that an attacker who was able to inject a prompt into the agent coul...
CVE-2025-53097
Roo Code extension (pre-3.20.3) allowed read access via the search_files tool outside the VS Code workspace, enabling potential data exposure if an attacker injects prompts. The attacker could exfiltrate data by writing to a JSON schema when the schema-fetch feature is enabled by default, trigger...
PT-2025-27260 · Robocode · Robocode
Name of the Vulnerable Software and Affected Versions: Roo Code versions prior to 3.20.3 Description: The issue concerns the execution of arbitrary commands through the MCP configuration file. An attacker with access to the system could craft a prompt to write a malicious command to the MCP...
PT-2025-27259
Name of the Vulnerable Software and Affected Versions: Roo Code versions prior to 3.20.3 Description: The issue concerns the Roo Code agent's search files tool, which did not respect the setting to disable reads outside of the VS Code workspace. This allowed an attacker who could inject a prompt...
Roo Code Command Injection Vulnerability
Roo Code is an AI-based autonomous coding agent from Roo Code. A command injection vulnerability exists in Roo Code versions prior to 3.20.3, which stems from a .roo/mcp.json file configuration that allows the execution of arbitrary commands, which could lead to arbitrary command execution...
Roo Code Injection Vulnerability
Roo Code is an AI-based autonomous coding agent from Roo Code. An injection vulnerability exists in Roo Code versions prior to 3.20.3, which stems from the search_files tool not restricting the reading of files outside of the VS Code workspace, which could lead to the reading of sensitive files...