[PR #600] [MERGED] fix!: Shell escape in entitlement handling #1670

New issue

Closed

opened 2026-03-03 19:08:19 +03:00 by kerem · 0 comments

kerem commented 2026-03-03 19:08:19 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/PlayCover/PlayCover/pull/600
Author: @ohaiibuzzle
Created: 12/20/2022
Status: ✅ Merged
Merged: 12/20/2022
Merged by: @Depal1

Base: develop ← Head: fix/emerg-entitlement-escape

---

📝 Commits (1)

• 87bf607 fix!: Shell escape in entitlement handling

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 PlayCover/Utils/PlayTools.swift (+1 -1)

📄 Description

A bug was discovered that allows arbitrary command execution when running an app from PlayCover due to the code dealing with parsing entitlements did not escape the app path.

Bug was introduced in 84ce798269, so it may have affected all PlayCover versions past v1.0.7

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/PlayCover/PlayCover/pull/600 **Author:** [@ohaiibuzzle](https://github.com/ohaiibuzzle) **Created:** 12/20/2022 **Status:** ✅ Merged **Merged:** 12/20/2022 **Merged by:** [@Depal1](https://github.com/Depal1) **Base:** `develop` ← **Head:** `fix/emerg-entitlement-escape` --- ### 📝 Commits (1) - [`87bf607`](https://github.com/PlayCover/PlayCover/commit/87bf607fba87af141a52212939e22d5ef5d15d8d) fix!: Shell escape in entitlement handling ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `PlayCover/Utils/PlayTools.swift` (+1 -1) </details> ### 📄 Description A bug was discovered that allows arbitrary command execution when running an app from PlayCover due to the code dealing with parsing entitlements did not escape the app path. Bug was introduced in 84ce798269, so it may have affected all PlayCover versions past v1.0.7 --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-03-03 19:08:19 +03:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

swift-6-migration

update

stable

test-build-sparkle-pr

test-xcode-less-installer

stage-xclt

preview-test-fancy-library

3.1.0

3.0.0

3.0.0-beta.2

3.0.0-beta.1

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0.0

2.0.0-beta.1

2.0.0-alpha.2

2.0.0-alpha.1

1.1.1

1.1.0

1.0.7

1.0.6

1.0.4

1.0.1

1.0.0

0.9.9

0.9.8

0.9.7

0.9.5

0.9.6

0.8.9

0.9.1

0.9.2

0.8.7

0.7.5

0.7.6

0.7.7

0.7.8

0.8.4

0.8.1

0.7.3

0.7.9

0.6.0

0.6.1

0.6.2

0.5.0

0.4.0

0.1.1

0.1.0-fix

0.1.0-beta

0.0.2-alpha

Labels

Clear labels   

UI

  

app-support

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

game-support

  

good first issue

  

help wanted / caution

  

inactive

  

invalid

  

macos-beta

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

wontfix

No labels

UI

app-support

bug

bug

documentation

duplicate

enhancement

game-support

good first issue

help wanted / caution

inactive

invalid

macos-beta

pull-request

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/PlayCover#1670

No description provided.