Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the /agents/:id update endpoint and adapterConfig.workspaceStrategy.provisionCommand. An attacker can execute arbitrary OS commands by updating their agent’s configuration with a crafted provisionCommand, which is...