3 matches found
CVE-2025-64671
CVE-2025-64671 is a remote code execution vulnerability in the GitHub Copilot for JetBrains plugin caused by improper neutralization of command elements (command injection). The Nessus/NVL documentation indicates the issue affects versions prior to 1.5.60; upgrading to 1.5.60 or later is the reme...
CVE-2026-21516
GitHub Copilot contains CVE-2026-21516: improper neutralization of special elements used in a command (command injection) that allows a remote attacker to execute code over the network. CVSS v3.1 base score 8.8 (HIGH) with vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Root cause is command injection due ...
CVE-2025-66389
GitHub Copilot 1.372.0 is affected. The flaw allows filesystem access outside the workspace folder via a file-handler URI parameter to fetch_webpage, without user approval. This could enable exfiltration if an indirect prompt injection occurs. The CVSS 3.1 base score is 7.5 (HIGH) with network at...