GHSA-jj69-4grx-fqj5CriticalCVSS 7.8
Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI ...
🔗 CVE IDs covered (1)
📋 Description
Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously crafted .gemini/.env file.