Submeter #803269: NousResearch hermes-agent 0.8.0 Arbitrary File Readinformação

TítuloNousResearch hermes-agent 0.8.0 Arbitrary File Read
DescriçãoThe WeCom (WeChat Work) platform adapter in hermes-agent processes file:// URLs for media attachments without validating that the resolved file path falls within an allowed directory. An attacker who can trigger a message with a file:// media source can read arbitrary files from the server's filesystem, including sensitive configuration files, SSH keys, and API credentials.
Fonte⚠️ https://github.com/NousResearch/hermes-agent/issues/8733
Utilizador
 Yu_Bao (UID 89348)
Submissão13/04/2026 04h29 (há 2 meses)
Moderação29/04/2026 12h44 (16 days later)
EstadoAceite
Entrada VulDB360120 [NousResearch hermes-agent 0.8.0 WeChat Work Platform Adapter wecom.py Travessia de Diretório]
Pontos20

VoltarVisão GeralPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!