Submission #792223: AgentScope <= 1.0.18 Code Injection (CWE-94)

Title: AgentScope <= 1.0.18 Code Injection (CWE-94)
Description:

# Technical Details

A code injection / remote code execution vulnerability exists in the `execute_python_code` and `execute_shell_command` methods in `src/agentscope/tool/_coding/_python.py` and `src/agentscope/tool/_coding/_shell.py` of AgentScope. The application does not sandbox or isolate the execution environment and passes LLM-generated arguments straight to subprocess execution without inspection or validation.

# Vulnerable Code

File: src/agentscope/tool/_coding/_python.py and src/agentscope/tool/_coding/_shell.py

Method: execute_python_code and execute_shell_command

Why: The functions write the supplied code string to a temporary file and execute it via subprocess (`asyncio.create_subprocess_exec` and `asyncio.create_subprocess_shell`) with a full copy of the server process environment (`os.environ.copy()`) and no sandboxing or privilege dropping.

# Reproduction

1. Deploy a ReActAgent with the code execution tools (`execute_python_code`, `execute_shell_command`) exposed over HTTP, following the official patterns.
2. Send a crafted prompt injection payload via HTTP POST to the agent's chat endpoint, instructing it to use `execute_python_code` to evaluate arbitrary Python code (e.g., retrieving system information).
3. The LLM processes the injected prompt and emits a tool call containing the malicious payload, which the server executes directly, resulting in RCE and environment variable exfiltration.

# Impact

- Arbitrary code execution
- Environment variable exfiltration (API keys, database credentials)
- Internal network lateral movement
- Data destruction or server compromise
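The following is an added example, not code from AgentScope or from the submitter. It reproduces the execution pattern the report describes (code string written to a temp file, run in a subprocess with `os.environ.copy()`) next to the same call with an allow-listed environment, and shows why the first one leaks whatever credentials the server process holds. Everything here is assumed or constructed for the demo: the function names `run_python_inherit_env`, `run_python_scrubbed_env` and `demo`, the `DEMO_OPENAI_API_KEY` secret, the exfiltration payload, and the use of synchronous `subprocess.run` in place of the asyncio subprocess calls named in the report.

```python
import os
import subprocess
import sys
import tempfile

# Constructed secret standing in for the API keys or database credentials a
# real agent server carries in its process environment (demo assumption).
DEMO_SECRET_NAME = "DEMO_OPENAI_API_KEY"
DEMO_SECRET_VALUE = "sk-constructed-demo-value-not-real"

# Constructed payload of the kind a prompt-injected model could emit as the
# code argument of a Python-execution tool: dump every env var whose name
# looks like a credential.
EXFIL_PAYLOAD = (
    "import os, json\n"
    "print(json.dumps({k: v for k, v in os.environ.items()"
    " if 'KEY' in k or 'SECRET' in k or 'TOKEN' in k}))\n"
)


def _write_temp_script(code: str) -> str:
    """Write the code string to a temp file, as the report says the tools do."""
    fd, path = tempfile.mkstemp(suffix=".py")
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write(code)
    return path


def run_python_inherit_env(code: str, timeout: float = 30.0) -> str:
    """The pattern the report describes: temp file + subprocess + os.environ.copy().
    subprocess.run stands in for asyncio.create_subprocess_exec (demo assumption)."""
    path = _write_temp_script(code)
    try:
        proc = subprocess.run(
            [sys.executable, path],
            capture_output=True, text=True, timeout=timeout,
            env=os.environ.copy(),  # the child sees every server secret
        )
        return proc.stdout + proc.stderr
    finally:
        os.unlink(path)


# Only what a child interpreter needs to start; everything else is withheld.
ENV_ALLOWLIST = ("PATH", "LANG", "LC_ALL", "SYSTEMROOT", "TEMP", "TMP")


def run_python_scrubbed_env(code: str, timeout: float = 30.0) -> str:
    """Same execution with the cheapest mitigations: an allow-listed environment,
    isolated-mode interpreter (-I ignores PYTHON* vars and user site-packages),
    a throwaway working directory and a timeout. This is NOT a sandbox: the
    code still runs with the server's UID, filesystem and network access."""
    env = {k: v for k, v in os.environ.items() if k in ENV_ALLOWLIST}
    path = _write_temp_script(code)
    try:
        with tempfile.TemporaryDirectory() as scratch:
            proc = subprocess.run(
                [sys.executable, "-I", path],
                capture_output=True, text=True, timeout=timeout,
                env=env, cwd=scratch,
            )
            return proc.stdout + proc.stderr
    finally:
        os.unlink(path)


def demo() -> dict:
    """Plant the constructed secret, run the payload both ways, then clean up."""
    os.environ[DEMO_SECRET_NAME] = DEMO_SECRET_VALUE
    try:
        return {
            "inherited": run_python_inherit_env(EXFIL_PAYLOAD),
            "scrubbed": run_python_scrubbed_env(EXFIL_PAYLOAD),
        }
    finally:
        os.environ.pop(DEMO_SECRET_NAME, None)


if __name__ == "__main__":
    out = demo()
    print("inherited env ->", out["inherited"].strip())
    print("scrubbed env  ->", out["scrubbed"].strip())
```

Scrubbing the environment only closes the exfiltration step in the report's reproduction; the model-chosen code still runs with the server's privileges, so it can read files, open sockets and delete data. Treat code-execution tools as untrusted-code execution: run them in a dedicated container or VM, or at least under a separate unprivileged user with seccomp or equivalent restrictions, and require explicit approval before executing tool calls that were derived from untrusted input.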
Source: https://gist.github.com/YLChen-007/c084d69aaeda6729f3988603f2b0ce6e
User: Eric-f (UID 96873)
Submitted: 2026-03-29 05:27 (22 days ago)
Moderation: 2026-04-19 16:12 (21 days later)
Status: Accepted
VulDB entry: 358238 [modelscope agentscope up to 1.0.18 _python.py execute_python_code/execute_shell_command privilege escalation]
Points: 20
