Salesforce Mulesoft Anypoint Code Builder Improper Input Neutralization Vulnerability Allowing Configuration File Manipulation
Vulnerability
A vulnerability exists in Salesforce Mulesoft Anypoint Code Builder for Desktop Extension Pack versions prior to 1.11.6. The flaw is improper neutralization of input used in large language model prompting, which allows writable configuration files to be manipulated. Exploitation of this vulnerability could lead to arbitrary command execution, and when combined with prompt injection, it may result in remote code execution, potentially granting full access to the victim's Salesforce organization.
Impact
Exploitation of this vulnerability could allow arbitrary command execution, and when combined with prompt injection, it could lead to remote code execution, potentially granting full access to the victim's Salesforce organization.
Remediation
Users can update the Anypoint Code Builder - Platform Extension to the latest version. Those who have disabled automatic updates must manually check for and apply the update. Instructions for manually updating extensions are available in the Visual Studio Extension Auto-Update Section.