DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and command substitution patterns, it fails to account for raw newline characters embedded within the input. An attacker can construct a payload by embedding a literal newline between a whitelisted command and malicious code (e.g., git log malicious_command), forcing DSAI-Cline to misidentify it as a safe operation and automatically approve it. The underlying PowerShell interpreter treats the newline as a command separator, executing both commands sequentially, resulting in Remote Code Execution without any user interaction.
The system verifies commands using string-based parsing and blocks dangerous operators such as ;, &&, ||, | and command substitution patterns. However, this mechanism does not account for raw newline characters embedded within input data. An attacker can construct a payload by inserting a literal newline character between a whitelisted command and malicious code (e.g., git log<newline>malicious_command), causing DSAI-Cline to incorrectly identify the entire sequence as a safe operation and automatically approve it. The PowerShell interpreter treats the newline character as a command separator and executes both sequences sequentially, resulting in Remote Code Execution.
An attacker can gain full control over the system by executing arbitrary code with DSAI-Cline process privileges — without authentication and without any user interaction. Possible consequences include breach of confidentiality, integrity, and availability of the system.
Apply patches available from the manufacturer according to the references provided. As a workaround, disable the automatic command acceptance module until the patch is applied and validate input data taking into account raw newline characters as command separators.
DSAI-Cline product (Cline) — versions indicated in the manufacturer's references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCline
APPCline≤ 1.1.2