AWS CloudShell Terminal Escape Injection / Remote Code Execution

The javascript terminal emulator used by AWS CloudShell handles certain terminal escape codes incorrectly. This can lead to remote code execution if attacker controlled data is displayed in a CloudShell instance.

Leave a Reply