CVE-2024-6091
Publication date: 2024-09-11

Last updated on: 2024-09-18

Assigner: [email protected]

Description
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as whoami and /bin/whoami. An attacker can circumvent this restriction by executing commands with a modified path, such as /bin/./whoami, which is not recognized by the denylist.
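The following is an added illustration, not AutoGPT's own code: it contrasts a denylist that compares the raw command string with one that canonicalizes the executable path first, and with a default-deny allowlist. All function names, the sample lists and the sample inputs are constructed for this example.

```python
import os
import shlex
from typing import Optional

DENYLIST = {"whoami", "/bin/whoami"}  # constructed, mirrors the description
ALLOWLIST = {"ls", "cat", "echo"}     # constructed sample allowlist


def executable_of(command_line: str) -> Optional[str]:
    """Return the first shell token, or None if the line cannot be parsed."""
    try:
        tokens = shlex.split(command_line)
    except ValueError:  # e.g. unbalanced quotes: treat as unparseable
        return None
    return tokens[0] if tokens else None


def naive_denylist_allows(command_line: str) -> bool:
    """Flawed pattern: compare the token to the denylist as a plain string."""
    exe = executable_of(command_line)
    return exe is not None and exe not in DENYLIST


def canonical_names(exe: str) -> set:
    """Spellings to test: raw, normalized, symlink-resolved, and basenames."""
    normalized = os.path.normpath(exe)       # collapses "/./" segments
    resolved = os.path.realpath(normalized)  # follows symlinks that exist
    return {exe, normalized, resolved,
            os.path.basename(normalized), os.path.basename(resolved)}


def hardened_denylist_allows(command_line: str) -> bool:
    """Deny when any canonical form of the executable is on the denylist."""
    exe = executable_of(command_line)
    return exe is not None and canonical_names(exe).isdisjoint(DENYLIST)


def allowlist_allows(command_line: str) -> bool:
    """Default-deny: only bare, explicitly listed command names pass."""
    return executable_of(command_line) in ALLOWLIST


if __name__ == "__main__":
    # Constructed inputs: the two denylisted spellings plus the modified path.
    for line in ("whoami", "/bin/whoami", "/bin/./whoami", "ls -la"):
        print(f"{line!r:18} naive={naive_denylist_allows(line)} "
              f"hardened={hardened_denylist_allows(line)} "
              f"allowlist={allowlist_allows(line)}")
```

The allowlist variant does not depend on enumerating every spelling of a blocked command, which is why it is the more robust control for agent-issued shell commands.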
CVSS Scores
Affected Vendors & Products
Vendor Product Version
agpt autogpt 0.5.1
Exploitability
CWE ID Description
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Meta Information
Date generated:
2025-01-15