{"id":"BIT-azure-cli-2022-39327","summary":"Improper Control of Generation of Code ('Code Injection') in Azure CLI","details":"Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `&` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability.","aliases":["CVE-2022-39327","GHSA-47xc-9rr2-q7p4","PYSEC-2022-43177"],"modified":"2025-05-20T10:02:07.006Z","published":"2024-03-06T10:50:38.475Z","database_specific":{"cpes":["cpe:2.3:a:microsoft:azure_command-line_interface:*:*:*:*:*:*:*:*"],"severity":"Critical"},"references":[{"type":"WEB","url":"https://github.com/Azure/azure-cli/pull/23514"},{"type":"WEB","url":"https://github.com/Azure/azure-cli/pull/24015"},{"type":"WEB","url":"https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39327"}],"affected":[{"package":{"name":"azure-cli","ecosystem":"Bitnami","purl":"pkg:bitnami/azure-cli"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.40.0"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/azure-cli/BIT-azure-cli-2022-39327.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}],"schema_version":"1.7.3"}