
Aider
4 CVEs

CVE-2026-10177 | LOW | POC | PATCH

Server-side request forgery in Aider-AI Aider 0.86.3 allows an attacker who can supply a URL to the application to make it issue HTTP requests to internal network resources, including cloud instance metadata endpoints such as the AWS EC2 instance metadata service at 169.254.169.254. The URL scraping component fetches user-supplied URLs without checking whether the destination resolves into private (RFC 1918) or link-local address space, so the Aider host acts as a proxy for the request. The advisory describes the attacker as authenticated and remote; in practice Aider is a command-line tool, so the hostile URL arrives through whoever or whatever automation drives the scraper, and the exposure matters most where Aider runs on a cloud instance whose metadata service answers plain GET requests (IMDSv2, which requires a session token obtained with a PUT, is not reachable through a simple fetch). The vulnerability is not in CISA's KEV catalog, but proof-of-concept code is public in GitHub issue #5075, and the upstream fix (PR #5137) has been opened but not yet accepted into a release.

Tags: SSRF, Aider
References: NVD, VulDB, GitHub
CVSS 4.0: 2.1 | EPSS: 0.0%
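
The destination check the paragraph above says is missing, written here as an added example rather than Aider's own code: `check_url` and `is_blocked_ip` are hypothetical names, and the `FAKE_DNS` table is a constructed stand-in for the resolver so the example runs offline. The check resolves the host, rejects any record in loopback, RFC 1918, CGNAT or link-local space (which covers 169.254.169.254), unwraps IPv4-mapped IPv6 forms, and returns the resolved addresses so the caller can pin them for the actual connection.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Address space a URL scraper must never be allowed to reach. 169.254.0.0/16
# (link-local) covers the 169.254.169.254 metadata endpoint; the IPv6 entries
# cover loopback, unique-local, link-local and IPv4-mapped forms.
BLOCKED_NETS = [ipaddress.ip_network(cidr) for cidr in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]


def is_blocked_ip(ip: str) -> bool:
    """True if the literal address falls in a range the scraper must not contact."""
    addr = ipaddress.ip_address(ip)
    # Unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254) so the IPv4 rules apply.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETS)


def system_resolve(host: str) -> list[str]:
    """Resolve a hostname to every address the OS resolver returns."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_url(url: str, resolve=system_resolve):
    """Validate a scrape target. Returns (allowed, reason, pinned_ips).

    The caller must connect to one of pinned_ips (sending the original Host
    header) instead of resolving again; otherwise a DNS-rebinding attacker can
    answer the check with a public address and the fetch with a private one.
    The same check must run on every redirect hop.
    """
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed", []
    host = parts.hostname
    if not host:
        return False, "URL has no host", []
    try:
        # Literal IP in the URL: no lookup needed, check it directly.
        ips = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            ips = resolve(host)
        except (socket.gaierror, OSError) as exc:
            return False, f"cannot resolve {host}: {exc}", []
    if not ips:
        return False, f"{host} has no addresses", []
    # Reject if ANY record is private: a host with one public and one internal
    # A record would otherwise pass the check and then be fetched internally.
    blocked = [ip for ip in ips if is_blocked_ip(ip)]
    if blocked:
        return False, f"{host} resolves to blocked address(es) {blocked}", []
    return True, "ok", ips


# Constructed DNS table so the example runs offline; none of these records are real.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "metadata.internal.test": ["169.254.169.254"],
    "split.attacker.test": ["93.184.216.34", "10.0.0.5"],
}


def fake_resolve(host: str) -> list[str]:
    """Offline stand-in for system_resolve backed by the constructed table."""
    if host not in FAKE_DNS:
        raise socket.gaierror(f"unknown host {host}")
    return list(FAKE_DNS[host])


if __name__ == "__main__":
    for target in (
        "https://example.com/docs",
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
        "http://[::ffff:169.254.169.254]/latest/meta-data/",
        "http://metadata.internal.test/",
        "http://split.attacker.test/",
        "file:///etc/passwd",
    ):
        allowed, reason, ips = check_url(target, fake_resolve)
        print(f"{'ALLOW' if allowed else 'BLOCK':5} {target} ({reason})")
```

Two design points matter more than the block list itself: the check and the connection must use the same resolution result (hence the pinned addresses in the return value), and the check has to be repeated for each redirect, because an allowed public host can simply 302 the scraper to 169.254.169.254.
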
CVE-2026-10176 | LOW | POC

SQL injection in the Code Generation Workflow component of Aider-AI Aider 0.86.3 allows an authenticated, low-privileged remote attacker to alter internal SQL queries, with partial impact on confidentiality, integrity and availability. A proof-of-concept exploit is public in GitHub issue #5077, which raises the near-term exploitation risk even though the reported base score is in the medium range (the text reports 6.3; the CVSS 4.0 score listed on this page is 2.1). The vendor has not responded to the disclosure and no patch has been released, so there is no official remediation path; until there is, treat every value that reaches a query as untrusted and bind it as a parameter rather than interpolating it into the statement.

Tags: SQLi, Aider
References: NVD, VulDB, GitHub
CVSS 4.0: 2.1 | EPSS: 0.0%
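
The injection class above, shown as an added example that is not Aider's code: the `snippets` table, its rows and the `owner` column are constructed for this demonstration, and the two lookup functions are hypothetical. The first pastes the caller's string into the statement, so a quote in the input ends the literal and the remainder is parsed as SQL; the second binds the same input as a parameter, and the driver never lets it change the statement's structure.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for whatever store a workflow queries."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE snippets (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)"
    )
    conn.executemany(
        "INSERT INTO snippets (owner, body) VALUES (?, ?)",
        [("alice", "def add(a, b): return a + b"),
         ("bob", "API_KEY = 'sk-example-not-real'"),
         ("carol", "print('hello')")],
    )
    return conn


def snippets_vulnerable(conn: sqlite3.Connection, owner: str):
    # Vulnerable: string formatting turns the caller's input into SQL syntax.
    query = f"SELECT owner, body FROM snippets WHERE owner = '{owner}'"
    return conn.execute(query).fetchall()


def snippets_safe(conn: sqlite3.Connection, owner: str):
    # Hardened: the value is bound by the driver; quotes in it stay data.
    return conn.execute(
        "SELECT owner, body FROM snippets WHERE owner = ?", (owner,)
    ).fetchall()


# Constructed attacker inputs. The first is the classic tautology that matches
# every row; the second uses UNION to pull the schema out of sqlite_master.
PAYLOAD = "nobody' OR '1'='1"
UNION_PAYLOAD = "nobody' UNION SELECT name, sql FROM sqlite_master WHERE '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology:", snippets_vulnerable(db, PAYLOAD))   # every row
    print("vulnerable, union:    ", snippets_vulnerable(db, UNION_PAYLOAD))  # schema
    print("safe, tautology:      ", snippets_safe(db, PAYLOAD))         # []
    print("safe, honest input:   ", snippets_safe(db, "alice"))
```

The parameterised version returns nothing for the payload because no owner is literally named `nobody' OR '1'='1`; that is the expected, correct behaviour. Stacked statements are not shown because `sqlite3.execute` refuses more than one statement per call, but other drivers do not, which is one more reason the fix is binding rather than escaping.
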
CVE-2026-10175 | LOW | POC

Code injection in Architect Mode of Aider-AI Aider 0.86.3 lets an authenticated remote attacker execute arbitrary code through the `editor_coder.run` function, which the advisory locates in `auth.py`. A proof-of-concept exploit is public in GitHub issue #5058, lowering the barrier to exploitation. No vendor patch exists because the project has not responded to the disclosure, so every user of the affected version is exposed with no official remediation path. Architect Mode hands the planning model's output to an editor coder that applies changes to the working tree, so until a fix ships the practical control is to run Aider only against repositories and credentials you are prepared to have modified, and to review diffs before committing.

Tags: RCE, Code Injection, Aider
References: NVD, VulDB, GitHub
CVSS 4.0: 2.1 | EPSS: 0.1%

CVE-2026-10174 | LOW | POC

Protection mechanism failure in Aider-AI Aider 0.86.3: manipulating the `git-commit-verify` argument in `aider/args.py` lets an authenticated remote attacker commit code without triggering pre-commit hooks. The CVSS temporal vector carries E:P (proof-of-concept exploit publicly available, in GitHub issue #5057) and RC:R (report confidence 'Reasonable' rather than 'Confirmed'), meaning the vendor has neither acknowledged the finding nor responded to the disclosure. The CVE is not in CISA's KEV catalog. Note that client-side pre-commit hooks are advisory by design: any user can skip them with `git commit --no-verify`, which is what this option controls, so checks that matter for security belong in a server-side pre-receive hook or in CI, where the committing client cannot disable them.

Tags: Information Disclosure, Aider
References: NVD, VulDB, GitHub
CVSS 4.0: 2.1 | EPSS: 0.1%