CNNVD-202506-3601 Information

CNNVD ID

CNNVD-202506-3601

Related CVE

CVE-2025-53098

• CNNVD Published: 2025-06-27

Description (Chinese)

Roo Code是Roo Code公司的一款基于AI的自主编码代理。 Roo Code 3.20.3之前版本存在命令注入漏洞，该漏洞源于.roo/mcp.json文件配置允许执行任意命令，可能导致任意命令执行。

Description (English)

Roo Code is an AI-based autonomous coding agent for Roo Code. The pre-Roo Code 3.20.3 version contains a loophole in the order, which stems from the .roo/mcp.json file configuration allowing for the execution of arbitrary orders, which may lead to the execution of arbitrary orders.

Hazard Level

Medium

Vulnerability Type

命令注入

Affected Vendor

ROS

Published

2025-06-27

Last Modified

2026-02-24

References

https://github.com/RooCodeInc/Roo-Code/commit/7d0b22f9e659dc6c26aab0bacbea27874986e772 https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-5x8h-m52g-5v54 https://access.redhat.com/security/cve/cve-2025-53098

Patch

https://marketplace.visualstudio.com/items?itemName=RooVeterinaryInc.roo-cline