Description
SuperAGI is vulnerable to remote code execution in the latest version. The agent template update API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system compromise.
References
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:superagi:superagi:0.0.14:*:*:*:*:*:*:*
EPSS
Percentile: 70%
0.00636
Low
8.8 High
CVSS3
Weaknesses
CWE-94
Related vulnerabilities
CVSS3: 8.8
github
11 months ago
SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update` API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system compromise.