{"id":"PYSEC-2022-43177","details":"Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `&` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a mitigation for the vulnerability.","aliases":["BIT-azure-cli-2022-39327","CVE-2022-39327","GHSA-47xc-9rr2-q7p4"],"modified":"2026-02-04T20:58:26.120738Z","published":"2022-10-25T17:15:56Z","related":["GHSA-47xc-9rr2-q7p4"],"references":[{"type":"ADVISORY","url":"https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4"},{"type":"EVIDENCE","url":"https://github.com/Azure/azure-cli/pull/23514"},{"type":"EVIDENCE","url":"https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4"},{"type":"FIX","url":"https://github.com/Azure/azure-cli/pull/23514"},{"type":"FIX","url":"https://github.com/Azure/azure-cli/pull/24015"},{"type":"WEB","url":"https://github.com/Azure/azure-cli/pull/23514"},{"type":"WEB","url":"https://github.com/Azure/azure-cli/pull/24015"}],"affected":[{"package":{"name":"azure-cli","ecosystem":"PyPI","purl":"pkg:pypi/azure-cli"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.40.0"}]}],"versions":["0.1.0b10","0.1.0b11","0.1.0b4","0.1.0b7","0.1.0b8","0.1.0b9","0.1.1b1","0.1.1b2","0.1.1b3","0.1.2rc1","0.1.2rc2","2.0.0","2.0.1","2.0.10","2.0.12","2.0.13","2.0.14","2.0.15","2.0.16","2.0.17","2.0.18","2.0.19","2.0.2","2.0.20","2.0.21","2.0.22","2.0.23","2.0.24","2.0.25","2.0.26","2.0.27","2.0.28","2.0.29","2.0.3","2.0.30","2.0.31","2.0.32","2.0.33","2.0.34","2.0.35","2.0.37","2.0.38","2.0.4","2.0.40","2.0.41","2.0.42","2.0.43","2.0.44","2.0.45","2.0.46","2.0.47","2.0.48","2.0.49","2.0.5","2.0.50","2.0.51","2.0.52","2.0.53","2.0.54","2.0.55","2.0.56","2.0.57","2.0.58","2.0.59","2.0.6","2.0.60","2.0.61","2.0.62","2.0.63","2.0.64","2.0.65","2.0.66","2.0.67","2.0.68","2.0.69","2.0.7","2.0.70","2.0.71","2.0.72","2.0.73","2.0.74","2.0.75","2.0.76","2.0.77","2.0.78","2.0.79","2.0.8","2.0.80","2.0.81","2.0.9","2.1.0","2.10.0","2.10.1","2.11.0","2.11.1","2.12.0","2.12.1","2.13.0","2.14.0","2.14.1","2.14.2","2.15.0","2.15.1","2.16.0","2.17.0","2.17.1","2.18.0","2.19.0","2.19.1","2.2.0","2.20.0","2.21.0","2.22.0","2.22.1","2.23.0","2.24.0","2.24.1","2.24.2","2.25.0","2.26.0","2.26.1","2.27.0","2.27.1","2.27.2","2.28.0","2.28.1","2.29.0","2.29.1","2.29.2","2.3.0","2.3.1","2.30.0","2.31.0","2.32.0","2.33.0","2.33.1","2.34.0","2.34.1","2.35.0","2.36.0","2.37.0","2.38.0","2.39.0","2.4.0","2.5.0","2.5.1","2.6.0","2.7.0","2.8.0","2.9.0","2.9.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/azure-cli/PYSEC-2022-43177.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}