GHSA-4vgf-2cm4-mp7c: Command Injection
First published: Tue May 06 2025(Updated: )
## Impact: A security issue has been found in `terraform-provider-windns` before version `1.0.5`. The `windns_record` resource did not santize the input variables. This can lead to authenticated command injection in the underlyding powershell command prompt. ## Patches: [`83ef736 (fix: better input validation)`](https://github.com/nrkno/terraform-provider-windns/commit/c76f69610c1b502f90aaed8c4f102194530b5bce) ## Fixed versions: - `v1.0.5`
| Affected Software | Affected Version | How to fix |
|---|---|---|
| go/github.com/nrkno/terraform-provider-windns | <=1.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of GHSA-4vgf-2cm4-mp7c?
GHSA-4vgf-2cm4-mp7c has been classified as a security issue due to potential authenticated command injection.
How do I fix GHSA-4vgf-2cm4-mp7c?
To fix GHSA-4vgf-2cm4-mp7c, upgrade the terraform-provider-windns to version 1.0.5 or later.
What versions of terraform-provider-windns are affected by GHSA-4vgf-2cm4-mp7c?
GHSA-4vgf-2cm4-mp7c affects terraform-provider-windns versions prior to 1.0.5.
What is the underlying issue of GHSA-4vgf-2cm4-mp7c?
The underlying issue of GHSA-4vgf-2cm4-mp7c is the lack of input sanitization in the windns_record resource.
Can GHSA-4vgf-2cm4-mp7c lead to any security risks?
Yes, GHSA-4vgf-2cm4-mp7c can lead to authenticated command injection risks in the PowerShell command prompt.
- agent/weakness
- agent/last-modified-date
- agent/source
- agent/type
- agent/references
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-4vgf-2cm4-mp7c
- alias/CVE-2025-46735
- agent/software-canonical-lookup
- package-manager/go