Shell Command Injection Vulnerability Disclosed in Dagger Dashboard Workspace Routes

A critical shell command injection vulnerability has been identified in Dagger's dashboard component, specifically within workspace route handlers. The flaw resides in `src/dashboard/server/routes/workspaces.ts`, where 29 route handlers extract `params['issueId']` from URL parameters and pass the value directly into shell commands without any validation or sanitization. Security researchers examining the codebase identified three functions with direct injectability: `getContainerStatusAsync`, `getMrUrlAsync`, and `ensurePRExists`. Each of these executes system commands using unsanitized input, creating a pathway for arbitrary command execution on the host system.

The most exposed function, `getContainerStatusAsync`, constructs a Docker grep command by interpolating `issueId.toLowerCase()` into the shell string. Similarly, `getMrUrlAsync` passes a `branchName` variable derived from the issue identifier into a GitHub CLI query, while `ensurePRExists` embeds the raw `issueId` value into a `gh pr create` command. All three implementations rely on string concatenation rather than parameterized execution, making them vulnerable to command injection payloads delivered through specially crafted URLs.

The attack surface is constrained by the dashboard's localhost binding, but the GET route architecture introduces a CSRF vector. A malicious webpage can trigger a cross-origin GET request to `http://localhost:<port>/api/workspaces/<payload>`, which browsers execute without CORS preflight checks. This allows an attacker who can induce a victim to visit a crafted page to execute commands under the victim's session context, provided the dashboard service is running and accessible on the target machine. The vulnerability highlights a systemic pattern of trusting URL-derived input within privileged system call contexts.