[GHSA-7pm4-56h2-5rxr] Prefect version 3.6.23 is vulnerable to remote code...#8708
Open
bdalpe wants to merge 1 commit into
Open
[GHSA-7pm4-56h2-5rxr] Prefect version 3.6.23 is vulnerable to remote code...#8708bdalpe wants to merge 1 commit into
bdalpe wants to merge 1 commit into
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the Prefect security advisory with package metadata, affected versions, summary, and source reference.
Changes:
- Adds the PyPI package and fixed version.
- Expands vulnerability details and references.
- Adds an advisory summary.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" |
| ], | ||
| "details": "Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRepository` storage class. The `commit_sha` parameter, which is passed to git commands, lacks validation and does not include a `--` separator to distinguish user input from git flags. This allows attackers to inject arbitrary git flags, such as `--upload-pack`, enabling execution of external programs. Additionally, the `directories` parameter can be exploited to inject git flags during sparse-checkout operations. These vulnerabilities allow any user with deployment creation permissions to execute arbitrary commands on worker machines, compromising shared work pools in multi-tenant environments.", | ||
| "summary": "Git Flag Injection via commit_sha and directories Parameters Leading to Remote Code Execution (RCE)", | ||
| "details": "Prefect version <=3.6.24 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRepository` storage class. The `commit_sha` parameter, which is passed to git commands, lacks validation and does not include a `--` separator to distinguish user input from git flags. This allows attackers to inject arbitrary git flags, such as `--upload-pack`, enabling execution of external programs. Additionally, the `directories` parameter can be exploited to inject git flags during sparse-checkout operations. These vulnerabilities allow any user with deployment creation permissions to execute arbitrary commands on worker machines, compromising shared work pools in multi-tenant environments.", |
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "3.6.25" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updates
Comments
This was fixed in PrefectHQ/prefect#21384 which was included in the Prefect 0.6.25 release.