{"data":{"id":"ed595d01-a8b0-4c0c-86bb-0ffe61b00cd7","title":"GHSA-g8r9-g2v8-jv6f: GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution","summary":"GitHub Copilot CLI had a vulnerability where attackers could execute arbitrary code by hiding dangerous commands inside bash parameter expansion patterns (special syntax for manipulating variables). The safety system that checks whether commands are safe would incorrectly classify these hidden commands as harmless, allowing them to run without user approval.","solution":"The fix adds two layers of defense: (1) The safety assessment now detects dangerous operators like @P, =, :=, and ! within ${...} expansions and reclassifies commands containing them from read-only to write-capable so they require user approval. (2) Commands with dangerous expansion patterns are unconditionally blocked at the execution layer regardless of permission mode. Update to GitHub Copilot CLI version 0.0.423 or later.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-g8r9-g2v8-jv6f","publishedAt":"2026-03-06T16:43:31.000Z","cveId":"CVE-2026-29783","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":["@github/copilot@<= 0.0.422 (fixed: 0.0.423)"],"affectedVendors":["Microsoft"],"affectedVendorsRaw":["GitHub Copilot CLI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00077,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}
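Added example, appended after the advisory record above and not taken from GitHub Copilot CLI or the advisory itself: a small scanner that reproduces the two layers the solution field describes, first reclassifying a command as write-capable when any `${...}` expansion uses `!`, `@P`, `=` or `:=`, then blocking it at the execution layer regardless of permission mode. The baseline read-only verb list, the function names, the reason strings and the sample commands are assumptions for illustration; the scanner tracks bash quoting (single-quoted text is never expanded, but a single quote inside double quotes is literal) and recurses into nested expansions such as `${a:-${b@P}}`, which a flat regex over the command string would miss.

```python
"""Added example (not GitHub's code): detect bash ${...} expansions whose operator
can execute or assign at expansion time, in the spirit of the GHSA-g8r9-g2v8-jv6f fix.
The read-only verb list, function names and sample commands are assumptions."""
import re
from dataclasses import dataclass
from typing import Optional

# Operators the advisory names as dangerous. Order matters: ":=" must be tested before "=".
DANGEROUS_SUFFIX_OPS = {
    ":=": "assign-default: the word (which may contain $(...)) is expanded and stored",
    "@P": "prompt transform: the value is expanded as a prompt, so $(...) inside it runs",
    "=":  "assign: the word is expanded and stored",
}
INDIRECT_REASON = "indirect expansion: the parameter actually read is chosen at runtime"

# Parameter names: identifiers, positional digits, or a special parameter character.
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*|[0-9]+|[@*#?$!-]")

# Hypothetical baseline classifier: commands whose verb is listed here are assumed read-only.
READ_ONLY_VERBS = {"cat", "ls", "echo", "grep", "head", "tail", "wc"}


@dataclass(frozen=True)
class Finding:
    expansion: str   # text between "${" and "}"
    operator: str    # "!", "@P", "=" or ":="
    reason: str


def find_expansions(cmd: str) -> list:
    """Return the bodies of every ${...} expansion in cmd, nested ones included.

    Single-quoted text is skipped because bash never expands it; a single quote
    inside double quotes is literal, so double-quote state is tracked too.
    """
    bodies = []
    i, n, in_dq = 0, len(cmd), False
    while i < n:
        c = cmd[i]
        if c == "\\":                  # escaped character: bash treats it literally
            i += 2
        elif c == '"':
            in_dq = not in_dq
            i += 1
        elif c == "'" and not in_dq:   # single-quoted region: no expansion at all
            j = cmd.find("'", i + 1)
            i = n if j == -1 else j + 1
        elif cmd.startswith("${", i):
            depth, j = 0, i
            while j < n:               # locate the matching close brace
                if cmd[j] == "{":
                    depth += 1
                elif cmd[j] == "}":
                    depth -= 1
                    if depth == 0:
                        break
                j += 1
            body = cmd[i + 2:j]
            bodies.append(body)
            bodies.extend(find_expansions(body))   # e.g. ${a:-${b@P}} hides ${b@P}
            i = j + 1
        else:
            i += 1
    return bodies


def classify_expansion(body: str) -> Optional[Finding]:
    """Return a Finding when the expansion's operator can execute or assign."""
    if body.startswith("!") and len(body) > 1 and (body[1].isalnum() or body[1] == "_"):
        return Finding(body, "!", INDIRECT_REASON)      # ${!name}, ${!prefix*}
    if body.startswith("#"):                            # ${#name}: length only, harmless
        return None
    m = NAME_RE.match(body)
    if not m:
        return None
    rest = body[m.end():]
    if rest.startswith("["):                            # skip an array subscript
        close = rest.find("]")
        rest = rest[close + 1:] if close != -1 else ""
    for op, reason in DANGEROUS_SUFFIX_OPS.items():
        if rest.startswith(op):
            return Finding(body, op, reason)
    return None                                         # ${x:-y}, ${x#pat}, ${x@Q}, ...


def assess(cmd: str):
    """Layer 1: baseline verdict, upgraded to write-capable (needs approval) on any finding."""
    stripped = cmd.strip()
    verb = stripped.split(maxsplit=1)[0] if stripped else ""
    verdict = "read-only" if verb in READ_ONLY_VERBS else "write-capable"
    findings = [f for f in (classify_expansion(b) for b in find_expansions(cmd)) if f]
    if findings:
        verdict = "write-capable"
    return verdict, findings


def should_block(cmd: str, permission_mode: str = "ask") -> bool:
    """Layer 2: block unconditionally; permission_mode is deliberately ignored."""
    return bool(assess(cmd)[1])


if __name__ == "__main__":
    # Constructed sample commands, not taken from the advisory.
    for cmd in ['cat "${FILE}"', 'ls "${DIR:-/tmp}"', 'echo "${PS1@P}"',
                'echo "${x:=$(id)}"', 'echo "${!name}"', "echo '${PS1@P}'",
                'echo "${a:-${b@P}}"']:
        verdict, findings = assess(cmd)
        print(f"{cmd!r:28} -> {verdict}, block={should_block(cmd, 'auto-approve')}")
        for f in findings:
            print(f"    ${{{f.expansion}}} uses {f.operator}: {f.reason}")
```

Two design points carry over to any real checker of this kind: the scan must recurse into expansion bodies, because `${a:-${b@P}}` hides the `@P` inside an operator that is itself harmless, and quoting state must be modelled rather than guessed, because `echo '${PS1@P}'` is inert while `echo "it's ${x=1}"` is not.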