Artificial Intelligence

**Name of the Vulnerable Software and Affected Versions** Rapid7 Velociraptor versions prior to 0.76.6 **Description** A YAML injection issue exists in the Windows.Collectors.Remapping artifact. The `hostname` field within the `client info.json` file of a collection ZIP is inserted into a YAML template using Go's text/template without proper escaping. An attacker can use literal double quotes and newlines in the `hostname` variable to break the YAML quoted string and inject a new mount remapping entry. If an analyst applies the resulting remapping file using the `--remap` flag, arbitrary VQL (Velociraptor Query Language) executes on the machine with NullACLManager, granting all permissions and bypassing the sandbox. **Recommendations** Update to version 0.76.6 or later.