जमा करें #791759: FoundationAgents MetaGPT 0.8.1 Cross Site Request Forgery (CWE-352)जानकारी

शीर्षकFoundationAgents MetaGPT 0.8.1 Cross Site Request Forgery (CWE-352)
विवरण# Technical Details A Cross-Site Request Forgery (CSRF) vulnerability exists in the Mineflayer HTTP API of MetaGPT (metagpt/environment/minecraft/mineflayer/index.js), leading to unauthenticated Remote Code Execution (RCE). The Express.js server runs locally and exposes a /step endpoint that accepts arbitrary JavaScript code via req.body.code and executes it directly through the unsafe eval() function (evaluateCode()). This endpoint has no authentication checks and lacks CORS protection. Additionally, the server binds to x.x.x.x by default. # Vulnerable Code File: metagpt/environment/minecraft/mineflayer/index.js Method: app.post("/step", ...) & evaluateCode() Why: The server accepts POST requests containing raw JavaScript code and directly interpolates it into an eval() statement without restricting origin (CORS) or verifying the caller's identity. # Reproduction 1. Start the MetaGPT Mineflayer HTTP server locally on port 3000. 2. An attacker hosts a malicious HTML page with JavaScript that performs a blind POST request using fetch('http://127.0.0.1:3000/step', { method: 'POST', body: JSON.stringify({ code: "require('child_process').execSync('touch /tmp/csrf_rce_proof')", programs: "" }), mode: 'no-cors' }). 3. A victim running the Mineflayer server visits the attacker's page. 4. The JavaScript payload executes on the victim's machine. Verify /tmp/csrf_rce_proof exists. # Impact - Remote Code Execution (RCE): An attacker can execute arbitrary system commands, exfiltrate data, or establish a reverse shell simply by tricking the victim into opening a malicious webpage while the Mineflayer environment is running.
स्रोत⚠️ https://github.com/FoundationAgents/MetaGPT/issues/1932
उपयोगकर्ता Eric-d (UID 96861)
सबमिशन28/03/2026 04:36 AM (4 महीनों पहले)
संयम11/04/2026 09:49 AM (14 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि356969 [FoundationAgents MetaGPT तक 0.8.1 Mineflayer HTTP API index.js evaluateCode क्रॉस साइट रिक्वेस्ट फॉर्जरी]
अंक20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!