Zed code editor versions prior to 0.229.0 contain a terminal tool permission bypass vulnerability. The editor's terminal tool permission system, designed to restrict command execution to an allowlist, can be circumvented through Bash arithmetic expansion syntax `$((...))`, whose expression may itself contain a command substitution. An attacker can nest arbitrary commands within an otherwise permitted command such as `echo`, achieving command injection despite the [truncated]
Zed IDE versions prior to 0.227.1 execute arbitrary commands when opening a folder containing a malicious .git/config file that abuses the core.fsmonitor Git configuration option: Git treats a non-boolean core.fsmonitor value as a hook command and runs it, so a checked-out repository can carry the command it wants executed. This vulnerability enables Remote Code Execution (RCE) when a victim opens a folder in untrusted mode. The issue was fixed in Zed version 0.227.1. The vulnerability stems from improper neutralization of special elements used in [truncated]
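A pre-open triage check for the .git/config abuse described above, written as an added example (not Zed's or Git's code): it parses the repository's own config file and refuses any core.fsmonitor value that is not a Git boolean, since every other value is a hook command. The function names, the sample config and the hook path are constructed for the example.

```shell
#!/bin/sh
# Added example, not Zed's or Git's code. Git runs a non-boolean core.fsmonitor
# value as a hook command, so a repository's .git/config can carry a command
# to execute. Function names, sample config and hook path are assumptions.

# fsmonitor_value CONFIG_FILE: print the last core.fsmonitor value in a Git
# config file (section and key names are case-insensitive; a bare key with no
# "=" means true). Exit status 3 when the key is absent.
fsmonitor_value() {
    awk '
        /^[[:space:]]*[#;]/ { next }                          # comment line
        /^[[:space:]]*\[/ {                                   # section header
            sect = tolower($0); gsub(/[[:space:]]/, "", sect); next
        }
        sect == "[core]" {
            line = $0
            sub(/^[[:space:]]+/, "", line); sub(/[[:space:]]+$/, "", line)
            low = tolower(line)
            if (low == "fsmonitor") { found = 1; val = "true" }  # bare key means true
            else if (low ~ /^fsmonitor[[:space:]]*=/) {
                found = 1; sub(/^[^=]*=[[:space:]]*/, "", line); val = line
            }
        }
        END { if (!found) exit 3; print val }
    ' "$1"
}

# check_fsmonitor DIR: exit 0 if DIR/.git/config configures no hook command,
# exit 1 (and print the value) if core.fsmonitor is anything other than a
# Git boolean, because Git would run that value as a command.
check_fsmonitor() {
    cfg="$1/.git/config"
    [ -f "$cfg" ] || return 0                     # no plain .git directory here
    val=$(fsmonitor_value "$cfg") || return 0     # key absent
    case $(printf '%s' "$val" | tr '[:upper:]' '[:lower:]') in
        ''|true|false|yes|no|on|off|1|0) return 0 ;;   # boolean: builtin daemon on/off
        *) printf 'core.fsmonitor is a hook command in %s: %s\n' "$cfg" "$val"
           return 1 ;;
    esac
}

# Constructed sample: a repository whose .git/config names a hook command.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/.git"
printf '[core]\n\trepositoryformatversion = 0\n\tFSMonitor = ./.hooks/fsm.sh\n' \
    > "$demo_dir/.git/config"
if check_fsmonitor "$demo_dir"; then echo "clean"; else echo "refuse to open $demo_dir"; fi
rm -rf "$demo_dir"
```

This only inspects an ordinary .git directory's config. A .git that is a file (a gitdir: pointer used by worktrees and submodules) is skipped, and config pulled in through include.path or includeIf is not followed, so treat a clean result as triage, not as proof that no hook is configured.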
Zed code editor versions prior to 0.229.0 contain a terminal tool permission bypass vulnerability. The flaw allows arbitrary code execution by prepending environment variable assignments to allowlisted commands, effectively hijacking program behavior through variables such as PAGER. The CVSS 3.1 vector indicates a local attack vector with low attack complexity, no privileges required, user interaction nee [truncated]
A command injection vulnerability in Zed's terminal tool permission system allows bypass of allowlist restrictions via Bash parameter expansion chaining. The flaw exists in versions prior to 0.229.0 and permits arbitrary command execution when an attacker supplies specially crafted input using `${var@P}` syntax to a terminal tool configured with an allowlisted command prefix. Bash expands `${var@P}` as if the value were a prompt string, and prompt strings are themselves subject to command substitution, so a variable holding `$(...)` executes when expanded this way. The CVSS 3.1 score of 6.4 ref [truncated]
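The three terminal-tool bypasses described above (arithmetic expansion wrapping a command substitution, an environment assignment prefixed to an allowlisted command, and `${var@P}` prompt expansion) share one root cause: the allowlist is applied to the command word of a string that a shell will still expand. The script below is an added example, not Zed's code; it models a shell-parser style check that every bypass passes and a conservative check that refuses any string the shell could rewrite. The allowlist contents and function names are assumptions for the example.

```shell
#!/bin/sh
# Added example, not Zed's code. Models the three terminal-tool bypasses above
# against two allowlist checks: a shell-parser style check that looks only at
# the command word, and a conservative check that refuses any string the shell
# could rewrite before the program runs. Allowlist and names are assumptions.
set -f                    # no pathname expansion while word-splitting untrusted strings
nl='
'
ALLOWLIST="echo git ls"   # assumed allowlist

# allowed_word WORD: is WORD one of the allowlisted program names?
allowed_word() {
    for allowed in $ALLOWLIST; do
        [ "$1" = "$allowed" ] && return 0
    done
    return 1
}

# naive_check CMD: skip leading NAME=value words the way a shell parser does,
# then compare the command word against the allowlist. Every bypass above
# gets through this, because the command word really is allowlisted.
naive_check() {
    set -- $1                 # word-split the command string (unquoted on purpose)
    while [ $# -gt 0 ]; do
        case $1 in
            *=*) shift ;;     # looks like an environment assignment, skip it
            *) break ;;
        esac
    done
    [ $# -gt 0 ] && allowed_word "$1"
}

# strict_check CMD: reject shell metacharacters anywhere in the string
# ($ alone covers $((...)), $(...) and ${var@P}) and reject a leading
# assignment word, then apply the allowlist to the command word.
strict_check() {
    case $1 in
        *'$'*|*'`'*|*';'*|*'|'*|*'&'*|*'<'*|*'>'*|*'('*|*')'*|*"$nl"*) return 1 ;;
    esac
    set -- $1
    [ $# -gt 0 ] || return 1
    case $1 in *=*) return 1 ;; esac
    allowed_word "$1"
}

# verdict CMD: print how each check treats CMD (pass/reject).
verdict() {
    if naive_check "$1"; then n=pass; else n=reject; fi
    if strict_check "$1"; then s=pass; else s=reject; fi
    printf 'naive=%-6s strict=%-6s  %s\n' "$n" "$s" "$1"
}

verdict 'echo hello'                    # benign, both accept
verdict 'echo $(( $(id -u) ))'          # arithmetic expansion wrapping a command substitution
verdict 'PAGER=/tmp/x git log'          # assignment prefix hijacks the pager git runs
verdict 'echo "${p@P}"'                 # prompt-style expansion of an attacker-set p
verdict 'curl http://example.invalid'   # not allowlisted, both reject
```

The strict check is a character blocklist, which is only as complete as one's knowledge of the shell's expansion rules; the durable fix is to never hand an attacker-influenced string to a shell at all and instead execute the allowlisted program directly with an argument vector.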
Zed code editor versions prior to 0.227.1 contain a command injection vulnerability in SSH/WSL remote terminal initialization. The editor constructs remote shell commands using environment variable keys without proper shell quoting or validation. An attacker who can influence environment variable names—such as through project-specific terminal settings—can embed shell expansion syntax (e.g., command subst [truncated]
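The remote-initialization flaw described above comes from pasting environment variable names into shell text. The script below is an added example, not Zed's code: it contrasts that vulnerable shape with a builder that accepts only valid identifiers as names and single-quotes every value, which is the standard way to make a remote shell see a value literally. Function names and the hostile inputs are constructed for the example.

```shell
#!/bin/sh
# Added example, not Zed's code. Contrasts a remote initialization line built
# by pasting environment variable names into shell text (the flaw described
# above) with a version that accepts only valid identifiers as names and
# single-quotes every value. Function names and inputs are assumptions.

# unsafe_export_line NAME VALUE: the vulnerable shape. Whatever is in NAME or
# VALUE is interpreted by the remote shell, so NAME='X$(id)' runs id there.
unsafe_export_line() {
    printf 'export %s=%s\n' "$1" "$2"
}

# valid_env_name NAME: true only for a POSIX identifier (letters, digits,
# underscore, not starting with a digit). A name cannot be quoted away, so a
# bad name has to be rejected outright rather than escaped.
valid_env_name() {
    case $1 in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# sh_quote STRING: single-quote STRING for a POSIX shell, turning each
# embedded ' into '\'' so the remote side sees the bytes literally. Done one
# character at a time so newlines and other bytes survive unchanged.
sh_quote() {
    s=$1; out=
    while [ -n "$s" ]; do
        rest=${s#?}               # everything after the first character
        c=${s%"$rest"}            # the first character itself
        case $c in
            "'") out="$out'\\''" ;;
            *)   out="$out$c" ;;
        esac
        s=$rest
    done
    printf "'%s'\n" "$out"
}

# safe_export_line NAME VALUE: print an export line that is safe to hand to a
# remote shell, or fail (printing nothing) if NAME is not a valid identifier.
safe_export_line() {
    valid_env_name "$1" || return 1
    printf 'export %s=%s\n' "$1" "$(sh_quote "$2")"
}

# Constructed inputs: a hostile variable name of the kind project settings
# could supply, and a value containing both a quote and a command substitution.
bad_name='TERM_PROGRAM$(id)'
tricky_value="it's \$(id)"

unsafe_export_line "$bad_name" zed                      # export TERM_PROGRAM$(id)=zed
safe_export_line "$bad_name" zed || echo "rejected name: $bad_name"
safe_export_line PAGER "$tricky_value"                  # export PAGER='it'\''s $(id)'
```

Note the asymmetry: values can always be made safe by quoting, but names cannot, since the shell never reads a quoted string as a variable name; validation is the only option on that side of the `=`.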