CNNVD-202507-3050 Information

CNNVD ID

CNNVD-202507-3050

CVE-2025-54377

  • CNNVD Published: 2025-07-23

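Description (translated from Chinese)

Roo Code is an AI-based autonomous coding agent from the company Roo Code. Roo Code 3.23.18 and earlier versions contain a command injection vulnerability, which stems from insufficient validation of command input and may lead to command injection attacks.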

Description (English)

Roo Code is an AI-based autonomous coding agent from Roo Code. Roo Code 3.23.18 and earlier versions contain a command injection vulnerability, which stems from insufficient validation of command input and could lead to a command injection attack.

Hazard Level

Medium

Vulnerability Type

Command injection

Affected Vendor

Roo Code

Published

2025-07-23

Last Modified

2026-02-24

References

https://github.com/RooCodeInc/Roo-Code/commit/9d434c2db9b20eb5c78b698cb2b0037cd2074534

https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-p278-52x9-cffx

Patch

https://github.com/RooCodeInc/Roo-Code/releases
