Roo Code Process Substitution and Command Injection Vulnerability Allowing Arbitrary Code Execution
Vulnerability
Roo Code versions prior to 3.25.5 improperly handle process substitution and single ampersand characters when parsing commands for auto-approved execution, which allows arbitrary code execution. Users who have enabled auto-approved execution for commands like 'ls' may be targeted by attackers who are able to submit crafted prompts and inject commands that are executed alongside the original. The issue arises from a prompt injection vulnerability that manipulates the command execution process.
Impact
Successful exploitation allows for arbitrary code execution on the user's machine.
Reproduction
To reproduce this vulnerability, first ensure that Roo Code is installed and running in an editor. Then, enable the auto-approved execution feature for commands. Afterward, an attacker can inject commands by crafting prompts that exploit the command parsing logic, taking advantage of the improper handling of process substitutions and ampersand characters.
Remediation
Users can update to Roo Code version 3.25.5 or later, where this vulnerability has been fixed.
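The parsing gap described above, as an added illustration that is not Roo Code's code or its actual fix: an allowlist check that splits only on "&&", "||", ";" and "|" approves a command that hides a lone "&" or a process substitution, while a stricter check fails closed. The function names, the allowlist and the sample commands are assumptions constructed for this example.

```typescript
// Added illustration; not Roo Code's parser or its fix. All names are hypothetical.
const ALLOWED: string[] = ["ls", "pwd"]; // constructed auto-approve allowlist

// True only if there is at least one segment and every segment is an allowed
// command, either bare or followed by a space and its arguments.
function allAllowed(segments: string[]): boolean {
  const cmds = segments.map((s) => s.trim()).filter((s) => s.length > 0);
  return cmds.length > 0 &&
    cmds.every((s) => ALLOWED.some((a) => s === a || s.startsWith(a + " ")));
}

// Naive check modelling the flaw class: it splits on "&&", "||", ";" and "|"
// only, so a lone "&" or a process substitution stays hidden inside a
// segment that still starts with an allowed command.
function naiveAutoApprove(cmd: string): boolean {
  return allAllowed(cmd.split(/&&|\|\||;|\|/));
}

// Constructs that start another command the allowlist never sees: process
// substitution <(...) and >(...), command substitution $(...) and backticks,
// and a newline acting as a separator.
const NESTED_EXECUTION = /[<>]\(|\$\(|`|\n/;

// Stricter check: fail closed on nested execution, and treat a lone "&" as a
// separator. It does not parse quoting, so it over-rejects (for example
// "2>&1"); a rejected command falls back to manual approval.
function strictAutoApprove(cmd: string): boolean {
  if (NESTED_EXECUTION.test(cmd)) return false;
  return allAllowed(cmd.split(/&&|\|\||;|\||&/));
}

// Constructed samples; "echo injected" stands in for any second command.
const SAMPLES: string[] = ["ls -la && pwd", "ls & echo injected", "ls <(echo injected)"];

function compare(): string[] {
  return SAMPLES.map(
    (c) => `${JSON.stringify(c)} naive=${naiveAutoApprove(c)} strict=${strictAutoApprove(c)}`,
  );
}

console.log(compare().join("\n"));
```

The strict check covers only the constructs named in this advisory plus command substitution; it is not a complete shell grammar, which is why it rejects anything it cannot account for.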
