| शीर्षक | paul-gauthier aider 0.86.3 Code Injection |
|---|
| विवरण | A prompt injection vulnerability exists in Aider v0.86.3 architect mode. The architect model's output is passed directly to the editor model via editor_coder.run(with_message=content, preproc=False), bypassing the normal preproc_user_input() layer that processes slash commands, file mentions, and URL preprocessing. This allows an attacker to embed a malicious instruction (e.g., "ARCHITECT OVERRIDE") inside repository content such as README.md. When the architect mode reads this poisoned file, the architect model emits attacker‑controlled code, which the editor model then applies to source files without further validation. In a verified attack, the editor injected a backdoor into auth.py that read the local .env file, base64‑encoded its contents, and sent them to an attacker‑controlled endpoint, after which Aider committed the backdoored file automatically. The vulnerability results in remote code execution and sensitive data exfiltration. |
|---|
| स्रोत | ⚠️ https://github.com/Aider-AI/aider/issues/5058 |
|---|
| उपयोगकर्ता | tchen200311 (UID 97733) |
|---|
| सबमिशन | 06/05/2026 02:38 AM (1 महीना पहले) |
|---|
| संयम | 30/05/2026 06:21 PM (25 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 367456 [Aider-AI Aider 0.86.3 Architect Mode auth.py editor_coder.run अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|