Bedrock Agentcore
Monthly
Command injection in the AWS Bedrock AgentCore Python SDK (versions >= 1.1.3, < 1.6.1) allows remote authenticated users to execute arbitrary commands within the Code Interpreter sandbox by supplying crafted package name arguments to the install_packages() method. The flaw stems from improper neutralization of argument delimiters (CWE-88), letting attacker-controlled strings break out of the intended pip-install argument context. No public exploit identified at time of analysis, but a vendor patch and advisory are available from AWS.
Command injection in the AWS Bedrock AgentCore Python SDK (versions >= 1.1.3, < 1.6.1) allows remote authenticated users to execute arbitrary commands within the Code Interpreter sandbox by supplying crafted package name arguments to the install_packages() method. The flaw stems from improper neutralization of argument delimiters (CWE-88), letting attacker-controlled strings break out of the intended pip-install argument context. No public exploit identified at time of analysis, but a vendor patch and advisory are available from AWS.