Cli
Monthly
Command execution via URI injection in GitHub CLI's `gh codespace jupyter` subcommand (versions 2.10.0-2.95.0) allows an attacker who controls a Codespace to redirect a connecting developer's VS Code instance into executing arbitrary protocol handler actions. The CLI passes a JupyterLab URL sourced from a process inside the Codespace directly to the OS without validating that the URL is a loopback HTTP or HTTPS address, enabling substitution with a crafted `vscode://` or `vscode-insiders://` URI. No public exploit has been identified at time of analysis and this CVE is not listed in CISA's Known Exploited Vulnerabilities catalog, but the scope-change characteristic (S:C) means local VS Code extension execution is a realistic downstream impact.
Symlink-following vulnerabilities in Capgo CLI before version 12.128.2 (npm @capgo/cli < 7.84.6) allow an attacker who controls a repository to overwrite arbitrary files on a developer's machine and expose sensitive signing credentials when the developer runs CLI login or build credential operations inside that repository. Three distinct issues are present: unsafe writeFileSync on .capgo and .capgo-credentials.json without symlink validation, and global credential files written with world-readable 664 permissions instead of the required 0600. A proof-of-concept demonstrating the .capgo clobber is publicly documented in the GitHub Security Advisory GHSA-8mpm-q7mh-8fvh. No CISA KEV listing exists at time of analysis, but exploitability is straightforward given the PoC and low attack complexity.
Terminal escape sequence injection in GitHub CLI 1.6.0 through 2.91.x allows authenticated attackers with pull request creation rights to inject malicious terminal control sequences into Actions workflow logs. When victims execute 'gh run view --log' or 'gh run view --log-failed' to inspect workflow runs, unsanitized escape sequences replay in their terminal, enabling window title manipulation, on-screen content alteration, or arbitrary command execution in vulnerable emulators like GNU screen. The attack requires low complexity and user interaction (victim must view logs), with impact limited to terminal integrity. CVSS score of 3.5 reflects low-severity integrity impact, though real-world risk varies significantly by terminal emulator capabilities. No active exploitation confirmed at time of analysis.
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Command execution via URI injection in GitHub CLI's `gh codespace jupyter` subcommand (versions 2.10.0-2.95.0) allows an attacker who controls a Codespace to redirect a connecting developer's VS Code instance into executing arbitrary protocol handler actions. The CLI passes a JupyterLab URL sourced from a process inside the Codespace directly to the OS without validating that the URL is a loopback HTTP or HTTPS address, enabling substitution with a crafted `vscode://` or `vscode-insiders://` URI. No public exploit has been identified at time of analysis and this CVE is not listed in CISA's Known Exploited Vulnerabilities catalog, but the scope-change characteristic (S:C) means local VS Code extension execution is a realistic downstream impact.
Symlink-following vulnerabilities in Capgo CLI before version 12.128.2 (npm @capgo/cli < 7.84.6) allow an attacker who controls a repository to overwrite arbitrary files on a developer's machine and expose sensitive signing credentials when the developer runs CLI login or build credential operations inside that repository. Three distinct issues are present: unsafe writeFileSync on .capgo and .capgo-credentials.json without symlink validation, and global credential files written with world-readable 664 permissions instead of the required 0600. A proof-of-concept demonstrating the .capgo clobber is publicly documented in the GitHub Security Advisory GHSA-8mpm-q7mh-8fvh. No CISA KEV listing exists at time of analysis, but exploitability is straightforward given the PoC and low attack complexity.
Terminal escape sequence injection in GitHub CLI 1.6.0 through 2.91.x allows authenticated attackers with pull request creation rights to inject malicious terminal control sequences into Actions workflow logs. When victims execute 'gh run view --log' or 'gh run view --log-failed' to inspect workflow runs, unsanitized escape sequences replay in their terminal, enabling window title manipulation, on-screen content alteration, or arbitrary command execution in vulnerable emulators like GNU screen. The attack requires low complexity and user interaction (victim must view logs), with impact limited to terminal integrity. CVSS score of 3.5 reflects low-severity integrity impact, though real-world risk varies significantly by terminal emulator capabilities. No active exploitation confirmed at time of analysis.
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.