CVE-2024-8156 in autogptinformazioni

Riassunto

di MITRE • 20/03/2025

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input `github.head.ref` is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version. An attacker can exploit this by creating a branch name with a malicious payload and opening a pull request, potentially leading to reverse shell access or theft of sensitive tokens and keys.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsabile

@huntr Ai

Prenotare

25/08/2024

Divulgazione

20/03/2025

Moderazione

accettato

CPE

pronto

EPSS

0.01666

KEV

no

Attività

molto basso

Fonti

Want to know what is going to be exploited?

We predict KEV entries!