| 제목 | FoundationAgents MetaGPT 0.8.1 OS Command Injection (CWE-78) |
|---|
| 설명 | # Technical Details
An OS Command Injection vulnerability exists in the get_mime_type() function of MetaGPT (metagpt/utils/common.py), which uses shell_execute() with a string command, triggering shell=True in subprocess.
The vulnerability stems from interpolating a user-controlled filename directly into a shell string: shell_execute(f"file --mime-type '{str(filename)}'"). When processing a malicious repository (e.g. via repo_to_markdown()), an attacker can craft a filename containing shell metacharacters like ;, ', or $(), escaping the quotes and injecting OS commands.
# Vulnerable Code
File: metagpt/tools/libs/shell.py
Method: shell_execute()
Why: Sets shell = True if the command is a string.
File: metagpt/utils/common.py
Method: get_mime_type()
Why: await shell_execute(f"file --mime-type '{str(filename)}'") passes unsanitized string directly to the shell.
# Reproduction
1. Create a repository with a maliciously crafted filename: touch "test';id>/tmp/rce_proof;'.txt"
2. Run MetaGPT's repo_to_markdown() or trigger get_mime_type() on this file.
3. The shell executes: file --mime-type 'test' ; id>/tmp/rce_proof ; '.txt'
4. Verify /tmp/rce_proof was created on the system.
# Impact
- Remote Code Execution (RCE): An attacker can supply a malicious repository. When a victim processes this repository with MetaGPT, the malicious filename triggers code execution, allowing full system access, arbitrary file read/write, and data exfiltration.
|
|---|
| 원천 | ⚠️ https://github.com/FoundationAgents/MetaGPT/issues/1930 |
|---|
| 사용자 | Eric-d (UID 96861) |
|---|
| 제출 | 2026. 03. 28. AM 04:23 (27 날 ago) |
|---|
| 모더레이션 | 2026. 04. 09. PM 02:04 (12 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 356527 [FoundationAgents MetaGPT 까지 0.8.1 metagpt/utils/common.py get_mime_type 권한 상승] |
|---|
| 포인트들 | 20 |
|---|