A vulnerability was found in PrefectHQ Prefect up to 3.6.25.dev6. The issue affects some unknown functionality in the file src/prefect/runner/storage.py, part of the GitRepository Pull Handler component. Manipulating the argument commit_sha/directories results in argument injection. The attack can be launched remotely. The exploit has been made public and could be used. Upgrading to version 3.6.25.dev7 resolves this issue. The patch is identified as 6a9d9918716ce4ee0297b69f3046f7067ef1faae. It is advisable to upgrade the affected component.
A remote argument injection vulnerability exists in PrefectHQ Prefect up to version 3.6.25.dev6 in the GitRepository Pull Handler component, allowing attackers to manipulate commit_sha and directories parameters. The vulnerability has been publicly disclosed and can be exploited remotely, with a fix available in version 3.6.25.dev7.
An argument injection vulnerability was discovered in the GitRepository Pull Handler component of PrefectHQ Prefect up to version 3.6.25.dev6. The vulnerability allows attackers to manipulate the commit_sha and directories parameters to carry out remote attacks. The vulnerability has been publicly disclosed, and a fix is available in version 3.6.25.dev7.
An argument injection flaw was discovered in PrefectHQ Prefect versions up to 3.6.25.dev6 affecting the GitRepository Pull Handler, enabling remote exploitation through manipulation of specific parameters. Organizations using affected versions should upgrade immediately to version 3.6.25.dev7 or later.
Upgrade PrefectHQ Prefect to version 3.6.25.dev7 or later immediately. Apply patch 6a9d9918716ce4ee0297b69f3046f7067ef1faae. Review and restrict access to the GitRepository Pull Handler functionality. Implement input validation and sanitization for the commit_sha and directories parameters. Monitor logs for suspicious argument patterns.
Upgrade PrefectHQ Prefect to version 3.6.25.dev7 or later immediately. Apply patch 6a9d9918716ce4ee0297b69f3046f7067ef1faae. Review and restrict access to the GitRepository Pull Handler functionality. Implement input validation and sanitization for the commit_sha and directories parameters. Monitor logs for suspicious patterns.
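The input validation recommended above, sketched as an added example: it is not Prefect's code and not the referenced patch. The function names and the two git command shapes are assumptions made for illustration, and the sample inputs are constructed.

```python
import re
from pathlib import PurePosixPath

# Abbreviated or full SHA-1/SHA-256 object names: hex only, so never "-option".
SHA_RE = re.compile(r"[0-9a-fA-F]{7,64}")


def validate_commit_sha(value: str) -> str:
    """Return value unchanged if it is a hex object name, else raise ValueError."""
    if not isinstance(value, str) or not SHA_RE.fullmatch(value):
        raise ValueError(f"commit_sha is not a hex object name: {value!r}")
    return value


def validate_directory(value: str) -> str:
    """Accept only relative in-repo paths that git cannot parse as an option."""
    if not isinstance(value, str) or not value or value.startswith("-"):
        raise ValueError(f"directory is empty or option-like: {value!r}")
    if any(ch in value for ch in "\x00\r\n"):
        raise ValueError(f"directory contains a control character: {value!r}")
    path = PurePosixPath(value)
    if path.is_absolute() or ".." in path.parts:
        raise ValueError(f"directory leaves the repository: {value!r}")
    return value


def safe_pull_argv(commit_sha: str, directories: list[str]) -> list[list[str]]:
    """Build argv lists (never a shell string) from validated values only.

    The two git commands are assumed shapes for illustration, not taken from
    Prefect. "--" ends option parsing, so later values are read as paths.
    """
    sha = validate_commit_sha(commit_sha)
    dirs = [validate_directory(d) for d in directories]
    commands = [["git", "checkout", sha]]
    if dirs:
        commands.insert(0, ["git", "sparse-checkout", "set", "--", *dirs])
    return commands


if __name__ == "__main__":
    # Constructed inputs: the hash is the patch id quoted in the advisory.
    print(safe_pull_argv("6a9d9918716ce4ee0297b69f3046f7067ef1faae", ["flows/etl"]))
    for bad in ("--some-option=value", "../outside"):
        try:
            safe_pull_argv("6a9d9918716ce4ee0297b69f3046f7067ef1faae", [bad])
        except ValueError as exc:
            print("rejected:", exc)
```

Rejected values are also the ones worth logging, which supports the monitoring step above.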