@salesforce/cli@2.103.2 vulnerabilities

The Salesforce CLI

  • latest version

    2.107.6

  • latest non vulnerable version

  • first published

    4 years ago

  • latest version published

    10 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @salesforce/cli package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • High severity: Uncontrolled Search Path Element

    @salesforce/cli is the Salesforce CLI.

    Affected versions of this package are vulnerable to Uncontrolled Search Path Element (CWE-427) via the Replace Trusted Executable feature. An attacker can execute arbitrary code by placing a malicious executable with the expected name in a directory that is searched before the directory holding the intended trusted executable.

    Note:

    This vulnerability affects only those customers who downloaded the software from an untrusted source, rather than directly from the official Salesforce site. Untrusted downloads may contain a malicious file in the local directory, which could be executed instead of the legitimate files in the specified file path.

    How to fix Uncontrolled Search Path Element?

    Upgrade @salesforce/cli to version 2.106.6 or higher.

    Vulnerable versions: <2.106.6