Skip to content

[GHSA-7pm4-56h2-5rxr] Prefect version 3.6.23 is vulnerable to remote code...#8708

Open
bdalpe wants to merge 1 commit into
bdalpe/advisory-improvement-8708from
bdalpe-GHSA-7pm4-56h2-5rxr
Open

[GHSA-7pm4-56h2-5rxr] Prefect version 3.6.23 is vulnerable to remote code...#8708
bdalpe wants to merge 1 commit into
bdalpe/advisory-improvement-8708from
bdalpe-GHSA-7pm4-56h2-5rxr

Conversation

@bdalpe

@bdalpe bdalpe commented Jul 14, 2026

Copy link
Copy Markdown

Updates

  • Affected products
  • Description
  • Source code location
  • Summary

Comments
This was fixed in PrefectHQ/prefect#21384 which was included in the Prefect 0.6.25 release.

Copilot AI review requested due to automatic review settings July 14, 2026 14:37
@github-actions github-actions Bot changed the base branch from main to bdalpe/advisory-improvement-8708 July 14, 2026 14:39

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the Prefect security advisory with package metadata, affected versions, summary, and source reference.

Changes:

  • Adds the PyPI package and fixed version.
  • Expands vulnerability details and references.
  • Adds an advisory summary.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
],
"details": "Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRepository` storage class. The `commit_sha` parameter, which is passed to git commands, lacks validation and does not include a `--` separator to distinguish user input from git flags. This allows attackers to inject arbitrary git flags, such as `--upload-pack`, enabling execution of external programs. Additionally, the `directories` parameter can be exploited to inject git flags during sparse-checkout operations. These vulnerabilities allow any user with deployment creation permissions to execute arbitrary commands on worker machines, compromising shared work pools in multi-tenant environments.",
"summary": "Git Flag Injection via commit_sha and directories Parameters Leading to Remote Code Execution (RCE)",
"details": "Prefect version <=3.6.24 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRepository` storage class. The `commit_sha` parameter, which is passed to git commands, lacks validation and does not include a `--` separator to distinguish user input from git flags. This allows attackers to inject arbitrary git flags, such as `--upload-pack`, enabling execution of external programs. Additionally, the `directories` parameter can be exploited to inject git flags during sparse-checkout operations. These vulnerabilities allow any user with deployment creation permissions to execute arbitrary commands on worker machines, compromising shared work pools in multi-tenant environments.",
"introduced": "0"
},
{
"fixed": "3.6.25"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants