Summary
SafeInstall agent guard shell parsing can miss raw package execution
Full technical description
SafeInstall CLI through 0.10.1 can fail to recognize some package-manager and registry-runner commands in its agent guard. Case-variant launcher names, leading file-descriptor redirections, and supported shell wrappers with options can cause a raw install command to receive no guard decision. Remote project scaffolding through package-manager create/init commands can also avoid the approval decision used for other registry runners.
Affected versions
- safeinstall-cli <= 0.10.1
Patched version
- safeinstall-cli 0.10.2
Mitigation
Upgrade to safeinstall-cli 0.10.2 or later.
Until an upgrade is possible, manually review every coding-agent shell command and prevent the agent from invoking package managers or registry runners directly. Running an affected guard does not make raw package-manager execution safe.
Credits
Discovered, reproduced, and remediated by the SafeInstall maintainer during adversarial parser testing.
Impact
When the SafeInstall guard is installed for a coding agent, a crafted shell command can bypass the intended deny or ask response. The coding agent may then run a package installation or registry-provided scaffolding command without SafeInstall policy evaluation and without SafeInstall enforcing disabled lifecycle scripts.
Exploitation requires a coding agent to act on attacker-influenced instructions and issue the crafted shell command. A successful malicious package or runner can execute with the permissions of the developer account, affecting the confidentiality, integrity, and availability of local source code, credentials, and development resources.
The vulnerability is limited to guard interception. Commands already routed through the SafeInstall CLI continue to receive normal policy evaluation.
GHSA-XRMC-C5CG-RV7X has a CVSS score of 8.8 (High). The vector is network-reachable, no privileges required, and user interaction required. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (0.10.2); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Already deployed Kodem?
See it in your environmentNew to Kodem? Get a demo →Remediation advice
Version 0.10.2:
- normalizes package-manager and wrapper launcher names for detection and rewriting;
- parses leading redirections before classifying the command;
- handles supported wrapper option arity conservatively and fails closed on ambiguous embedded command syntax;
- routes remote create/init scaffolding through the registry-runner approval path;
- preserves SafeInstall routing for path-qualified package-manager invocations.
The patch includes a permanent regression corpus, table-driven parser characterization, an independent reference detector, and deterministic fuzz invariants. The integrated release candidate passed 626 tests, package smoke validation, and a one-million-command fuzz campaign with zero invariant violations.
Frequently Asked Questions
- What is GHSA-XRMC-C5CG-RV7X? GHSA-XRMC-C5CG-RV7X is a high-severity security vulnerability in safeinstall-cli (npm), affecting versions < 0.10.2. It is fixed in 0.10.2.
- How severe is GHSA-XRMC-C5CG-RV7X? GHSA-XRMC-C5CG-RV7X has a CVSS score of 8.8 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of safeinstall-cli are affected by GHSA-XRMC-C5CG-RV7X? safeinstall-cli (npm) versions < 0.10.2 is affected.
- Is there a fix for GHSA-XRMC-C5CG-RV7X? Yes. GHSA-XRMC-C5CG-RV7X is fixed in 0.10.2. Upgrade to this version or later.
- Is GHSA-XRMC-C5CG-RV7X exploitable, and should I be worried? Whether GHSA-XRMC-C5CG-RV7X is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether GHSA-XRMC-C5CG-RV7X is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix GHSA-XRMC-C5CG-RV7X? Upgrade
safeinstall-clito 0.10.2 or later.