Openhuman
Monthly
Remote code execution in OpenHuman desktop agent through 0.54.0 allows attackers to escape the Supervised SecurityPolicy sandbox and run arbitrary OS commands as the desktop user via indirect prompt injection. Two allowlist bypasses in src/openhuman/security/policy.rs - missing coverage of find's -execdir/-okdir flags and pre-validation stripping of inline KEY=value env assignments (e.g. GIT_EXTERNAL_DIFF, GIT_SSH_COMMAND) - let an attacker turn an allowlisted command into arbitrary execution. No public exploit identified at time of analysis, but the vendor has shipped a fix in commit 60050aa (first stable release 0.56.0).
Remote code execution in OpenHuman desktop agent through 0.54.0 allows attackers to escape the Supervised SecurityPolicy sandbox and run arbitrary OS commands as the desktop user via indirect prompt injection. Two allowlist bypasses in src/openhuman/security/policy.rs - missing coverage of find's -execdir/-okdir flags and pre-validation stripping of inline KEY=value env assignments (e.g. GIT_EXTERNAL_DIFF, GIT_SSH_COMMAND) - let an attacker turn an allowlisted command into arbitrary execution. No public exploit identified at time of analysis, but the vendor has shipped a fix in commit 60050aa (first stable release 0.56.0).