| Field | Value |
|---|---|
| Title | AgentScope <= 1.0.18 Code Injection (CWE-94) |
| Source | https://gist.github.com/YLChen-007/c084d69aaeda6729f3988603f2b0ce6e |
| User | Eric-f (UID 96873) |
| Submission | 29.03.2026 05:27 (23 days ago) |
| Moderation | 19.04.2026 16:12 (21 days later) |
| Status | Accepted |
| VulDB Entry | 358238 [modelscope agentscope up to 1.0.18 _python.py execute_python_code/execute_shell_command privilege escalation] |
| Points | 20 |

# Description

## Technical Details

A Code Injection / Remote Code Execution vulnerability exists in the `execute_python_code` and `execute_shell_command` functions in `src/agentscope/tool/_coding/_python.py` and `src/agentscope/tool/_coding/_shell.py` of AgentScope.

The application neither sandboxes nor isolates the execution environment: LLM-generated arguments are passed directly to subprocess execution without inspection or validation.

## Vulnerable Code

- File: `src/agentscope/tool/_coding/_python.py` and `src/agentscope/tool/_coding/_shell.py`
- Method: `execute_python_code` and `execute_shell_command`
- Why: the functions write the provided code string to a temporary file and execute it via subprocess (`asyncio.create_subprocess_exec` and `asyncio.create_subprocess_shell`). The child process inherits the full server process environment (`os.environ.copy()`), and there is no sandboxing or privilege dropping.

## Reproduction

1. Deploy a ReActAgent with the code execution tools (`execute_python_code`, `execute_shell_command`) exposed over HTTP, following the official patterns.
2. Send a crafted prompt-injection payload via HTTP POST to the agent's chat endpoint, instructing it to use `execute_python_code` to evaluate arbitrary Python code (e.g., retrieving system information).
3. The LLM processes the injected prompt and generates a tool call containing the malicious payload, which the server executes directly, resulting in RCE and environment variable exfiltration.

## Impact

- Arbitrary code execution
- Environment variable exfiltration (API keys, database credentials)
- Internal network lateral movement
- Data destruction or server compromise
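The following is an added illustration of the environment-inheritance point in the Vulnerable Code section; it is not code from AgentScope or from the advisory's author. It reproduces the described pattern (write the code string to a temporary file, run it with `asyncio.create_subprocess_exec`, `env=os.environ.copy()`) beside a variant that passes only an allowlisted environment and enforces a timeout. The `DEMO_API_KEY` variable, the probe script and all function names are constructed for the example; the hardened variant is deliberately not presented as a sandbox, and its docstring states what it does not cover.

```python
"""Environment inheritance in LLM tool-execution subprocesses (added example)."""
import asyncio
import os
import sys
import tempfile
from typing import Dict, Optional, Tuple

# Constructed secret standing in for an API key in the server environment.
SECRET_NAME = "DEMO_API_KEY"
SECRET_VALUE = "constructed-demo-value"

# Benign probe: the child only reports whether SECRET_NAME is visible to it.
# It stands in for whatever code string the model emits as a tool argument.
PROBE = f"import os; print(os.environ.get({SECRET_NAME!r}))"

# Variables a code-execution child genuinely needs; everything else is dropped.
# SYSTEMROOT/TEMP/TMP are required for the interpreter to start on Windows.
ENV_ALLOWLIST = ("PATH", "LANG", "LC_ALL", "SYSTEMROOT", "TEMP", "TMP")


async def _run_file(code: str, env: Dict[str, str], timeout: Optional[float]) -> str:
    """Write `code` to a temp file, run it with the interpreter, return stdout."""
    with tempfile.NamedTemporaryFile("w", suffix=".py", delete=False) as f:
        f.write(code)
        path = f.name
    try:
        proc = await asyncio.create_subprocess_exec(
            sys.executable, path,
            stdout=asyncio.subprocess.PIPE,
            stderr=asyncio.subprocess.PIPE,
            env=env,
        )
        try:
            out, _ = await asyncio.wait_for(proc.communicate(), timeout=timeout)
        except asyncio.TimeoutError:
            # Unbounded runtime is its own problem: kill and report nothing.
            proc.kill()
            await proc.wait()
            return ""
        return out.decode(errors="replace").strip()
    finally:
        os.unlink(path)


async def run_unsafe(code: str) -> str:
    """Pattern from the advisory: the child inherits the whole server environment."""
    return await _run_file(code, os.environ.copy(), timeout=None)


async def run_hardened(code: str) -> str:
    """Same execution, but with a scrubbed environment and a timeout.

    Not a sandbox: the child still runs as the server user with the server's
    filesystem and network reach. This only removes the secrets-in-environment
    exposure and the unbounded runtime. Real isolation needs an OS-level
    boundary (separate user, container, seccomp/AppArmor, or a remote runner).
    """
    env = {k: v for k, v in os.environ.items() if k in ENV_ALLOWLIST}
    return await _run_file(code, env, timeout=10.0)


def demo() -> Tuple[str, str]:
    """Plant the constructed secret, run the probe both ways, restore the env."""
    saved = os.environ.get(SECRET_NAME)
    os.environ[SECRET_NAME] = SECRET_VALUE
    try:
        unsafe = asyncio.run(run_unsafe(PROBE))
        hardened = asyncio.run(run_hardened(PROBE))
    finally:
        if saved is None:
            del os.environ[SECRET_NAME]
        else:
            os.environ[SECRET_NAME] = saved
    return unsafe, hardened


if __name__ == "__main__":
    inherited, allowlisted = demo()
    print("inherited env  :", inherited)    # constructed-demo-value
    print("allowlisted env:", allowlisted)  # None
```

Running `demo()` shows the inherited-environment child reading the planted value while the allowlisted child sees nothing. The allowlist is the cheap part of a fix; a review of a tool-execution path should also ask which user the child runs as, what it can reach on the filesystem and network, and whether a tool call can be executed at all without an explicit policy check on the model-generated arguments.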