{"url":"http://public2.vulnerablecode.io/api/packages/91652?format=json","purl":"pkg:pypi/openhands-ai@1.2.1","type":"pypi","namespace":"","name":"openhands-ai","version":"1.2.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.5.0","latest_non_vulnerable_version":"1.5.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77664?format=json","vulnerability_id":"VCID-zpvd-mxu8-n3cr","summary":"OpenHands is software for AI-driven development. Prior to version 1.5.0, a Command Injection vulnerability exists in the `get_git_diff()` method at `openhands/runtime/utils/git_handler.py:134`. The `path` parameter from the `/api/conversations/{conversation_id}/git/diff` API endpoint is passed unsanitized to a shell command, allowing authenticated attackers to execute arbitrary commands in the agent sandbox. The user is already allowed to instruct the agent to execute commands, but this bypasses the normal channels. Version 1.5.0 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33718","reference_id":"","reference_type":"","scores":[{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48482","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33718"},{"reference_url":"https://github.com/OpenHands/OpenHands","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OpenHands/OpenHands"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/openhands-ai/PYSEC-2026-106.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/openhands-ai/PYSEC-2026-106.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33718","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33718"},{"reference_url":"https://github.com/OpenHands/OpenHands/pull/13051","reference_id":"13051","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T20:04:41Z/"}],"url":"https://github.com/OpenHands/OpenHands/pull/13051"},{"reference_url":"https://owasp.org/www-community/attacks/Command_Injection","reference_id":"Command_Injection","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T20:04:41Z/"}],"url":"https://owasp.org/www-community/attacks/Command_Injection"},{"reference_url":"https://github.com/OpenHands/OpenHands/security/advisories/GHSA-7h8w-hj9j-8rjw","reference_id":"GHSA-7h8w-hj9j-8rjw","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T20:04:41Z/"}],"url":"https://github.com/OpenHands/OpenHands/security/advisories/GHSA-7h8w-hj9j-8rjw"},{"reference_url":"https://docs.python.org/3/library/shlex.html#shlex.quote","reference_id":"shlex.html#shlex.quote","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T20:04:41Z/"}],"url":"https://docs.python.org/3/library/shlex.html#shlex.quote"},{"reference_url":"https://docs.python.org/3/library/subprocess.html#security-considerations","reference_id":"subprocess.html#security-considerations","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T20:04:41Z/"}],"url":"https://docs.python.org/3/library/subprocess.html#security-considerations"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91655?format=json","purl":"pkg:pypi/openhands-ai@1.5.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@1.5.0"}],"aliases":["CVE-2026-33718","GHSA-7h8w-hj9j-8rjw","PYSEC-2026-106"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"8.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zpvd-mxu8-n3cr"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@1.2.1"}