CNNVD-202506-3602 Information
CNNVD ID
CNNVD-202506-3602
Related CVE
-
CNNVD Published
2025-06-27
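Description (translated from Chinese)
Roo Code is an AI-based autonomous coding agent from the company Roo Code. Versions of Roo Code before 3.20.3 contain an injection vulnerability. It stems from the search_files tool not restricting reads of files outside the VS Code workspace, which may lead to sensitive files being read.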
Description (English)
Roo Code is an AI-based autonomous coding agent from Roo Code. Versions of Roo Code before 3.20.3 contain an injection vulnerability, which stems from the search_files tool not restricting access to files outside the VS Code workspace and could lead to sensitive files being read.
Hazard Level
High
Vulnerability Type
Injection
Affected Vendor
ROS
Published
2025-06-27
Last Modified
2026-02-24
References
https://github.com/RooCodeInc/Roo-Code/commit/10b2fb32ed047bbd7b8d10ef185c1ed345efcc92
https://github.com/RooCodeInc/Roo-Code/commit/7d0b22f9e659dc6c26aab0bacbea27874986e772
https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-wr2q-46pg-f228
https://access.redhat.com/security/cve/cve-2025-53097
Patch
https://marketplace.visualstudio.com/items?itemName=RooVeterinaryInc.roo-cline