diff --git a/advisories/github-reviewed/2026/05/GHSA-cw25-2p92-7f75/GHSA-cw25-2p92-7f75.json b/advisories/github-reviewed/2026/05/GHSA-cw25-2p92-7f75/GHSA-cw25-2p92-7f75.json index 8e011464e3615..310055b35d423 100644 --- a/advisories/github-reviewed/2026/05/GHSA-cw25-2p92-7f75/GHSA-cw25-2p92-7f75.json +++ b/advisories/github-reviewed/2026/05/GHSA-cw25-2p92-7f75/GHSA-cw25-2p92-7f75.json @@ -1,13 +1,13 @@ { "schema_version": "1.4.0", "id": "GHSA-cw25-2p92-7f75", - "modified": "2026-06-30T15:12:20Z", + "modified": "2026-06-30T15:12:21Z", "published": "2026-05-26T13:30:29Z", "aliases": [ "CVE-2026-3515" ], - "summary": "Prefect has an Argument Injection issue", - "details": "A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the `reference` field. The `reference` field is concatenated directly into a `git clone` command string without proper sanitization, and then parsed by `shlex.split()`. This enables injection of options such as `-c`, leading to potential Server-Side Request Forgery (SSRF), credential theft, or remote code execution (RCE). The vulnerability affects both the `aget_directory()` and `get_directory()` methods in `src/integrations/prefect-github/prefect_github/repository.py`. This issue does not affect the GitLab and BitBucket integrations, which use a safer list-based command construction approach.", + "summary": "Prefect GitHubRepository Block: Argument Injection via reference Field in git clone Leading to SSRF, Credential Theft, or RCE", + "details": "A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect Github integration allows an attacker to inject arbitrary git command-line options via the `reference` field. The `reference` field is concatenated directly into a `git clone` command string without proper sanitization, and then parsed by `shlex.split()`. This enables injection of options such as `-c`, leading to potential Server-Side Request Forgery (SSRF), credential theft, or remote code execution (RCE). The vulnerability affects both the `aget_directory()` and `get_directory()` methods in `src/integrations/prefect-github/prefect_github/repository.py`. This issue does not affect the GitLab and BitBucket integrations, which use a safer list-based command construction approach.", "severity": [ { "type": "CVSS_V3", @@ -18,7 +18,7 @@ { "package": { "ecosystem": "PyPI", - "name": "prefect" + "name": "prefect-github" }, "ranges": [ { @@ -28,11 +28,14 @@ "introduced": "0" }, { - "last_affected": "3.6.18" + "fixed": "0.4.3" } ] } - ] + ], + "database_specific": { + "last_known_affected_version_range": "<= 0.4.2" + } } ], "references": [