New Advisory Request
Package: dstack
Ecosystem: pip (PyPI)
Affected versions: <= 0.19.5
CWE: CWE-78 (OS Command Injection)
Severity: Critical
Repository: https://github.com/dstackai/dstack
Summary
OS Command Injection vulnerability in dstack Kubernetes backend. User-controlled input is interpolated into shell commands via f-strings without proper sanitization. The shlex module is imported in the same file and used for other values but not applied consistently to all user inputs.
Impact
Remote code execution on Kubernetes infrastructure. Authenticated project members can execute arbitrary commands on shared infrastructure components.
Notes
- dstackai/dstack does not have Private Vulnerability Reporting enabled on GitHub, so submitting here for GHSA assignment.
- No SECURITY.md or security contact is published in the repository.
- Full technical details, affected code paths, and PoC are available upon request through a private channel. Please enable PVR or provide a security contact.
New Advisory Request
Package: dstack
Ecosystem: pip (PyPI)
Affected versions: <= 0.19.5
CWE: CWE-78 (OS Command Injection)
Severity: Critical
Repository: https://github.com/dstackai/dstack
Summary
OS Command Injection vulnerability in dstack Kubernetes backend. User-controlled input is interpolated into shell commands via f-strings without proper sanitization. The
shlexmodule is imported in the same file and used for other values but not applied consistently to all user inputs.Impact
Remote code execution on Kubernetes infrastructure. Authenticated project members can execute arbitrary commands on shared infrastructure components.
Notes