Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Roo Code: Symlink-bypass of .rooignore can lead to unintended file disclosure
Vulnerability Description
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where .rooignore protections could be bypassed using symlinks. This allows an attacker with write access to the workspace to trick the extension into reading files that were intended to be excluded. As a result, sensitive files such as .env or configuration files could be exposed. An attacker able to modify files within the workspace could gain unauthorized access to sensitive information by bypassing .rooignore rules. This could include secrets, configuration details, or other excluded project data. This is fixed in version 3.26.0.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Vulnerability Title
Roo Code 后置链接漏洞
Vulnerability Description
Roo Code是Roo Code公司的一款基于AI的自主编码代理。 Roo Code 3.25.23及之前版本存在后置链接漏洞,该漏洞源于符号链接绕过保护,可能导致敏感信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A