GHSA-fc67-c4hg-q653
HIGHAmazon ECS Container Agent (Windows) is vulnerable to Information Disclosure
Blast Radius
github.com/aws/amazon-ecs-agentReal-time download stats are indexed for npm and PyPI packages. This vulnerability affects Go packages — download data is not available via public APIs for these ecosystems.
Description
Summary
Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. An issue exists where, under certain circumstances, improper input validation in the FSx Windows File Server volume mounting process allows command injection through specially crafted credentials.
Impact
Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a specially crafted username field in an ECS task definition. This issue requires permissions to register ECS task definitions or write to the Secrets Manager or SSM Parameter Store credentials used by the FSx volume configuration.
To remediate this issue, users should upgrade to version 1.103.0.
Impacted versions: Version 1.47.0 through 1.102.2 of the ECS Agent for Windows
Patches
This issue only impacts ECS Windows worker instances. ECS on Fargate is not affected. This issue has been addressed in ECS agent version 1.103.0. Amazon ECS recommends upgrading to the latest Amazon ECS-optimized Windows AMI with an updated ECS agent version.
Workarounds
Customers who cannot update to the latest AMI can restrict ecs:RegisterTaskDefinition permissions to trusted IAM principals only and restrict write access to Secrets Manager secrets referenced in FSx volume configurations.
References
If you have any questions or comments about this advisory, Amazon ECS asks that users contact [AWS/Amazon] Security via vulnerability reporting page or directly via email to [email protected]. Please do not create a public GitHub issue.
Acknowledgement
Amazon ECS would like to thank Sachin Patil for collaborating on this issue through the coordinated vulnerability disclosure process.
Affected Packages
| Ecosystem | Package | Vulnerable range | Fix |
|---|---|---|---|
| 🐹Go | github.com/aws/amazon-ecs-agent | ≥ 1.47.0&&< 1.103.0 | 1.103.0 |
Detection & mitigation playbook
Open-source dependencyDetect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for github.com/aws/amazon-ecs-agent. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update github.com/aws/amazon-ecs-agent to 1.103.0 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-fc67-c4hg-q653 is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-fc67-c4hg-q653 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.
Tailored to GHSA-fc67-c4hg-q653. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
Frequently Asked Questions
Is GHSA-fc67-c4hg-q653 in your dependencies?
O3 detects GHSA-fc67-c4hg-q653 across Go dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.