| Title | eosphoros-ai DB-GPT 0.7.5 Code Injection (CWE-94) |
|---|
| Description | A Remote Code Execution vulnerability exists in the flow import chain of DB-GPT. The flow import endpoint (POST /api/v1/serve/awel/flow/import) accepts a ZIP file upload, extracts it, reads a dbgpts.toml manifest, and when definition_type = "python" is set, loads and executes the package's __init__.py via importlib.machinery.SourceFileLoader.exec_module() without any code validation.
The check_api_key() function in endpoints.py explicitly skips authentication for all /api/v1 paths (returns None), making this fully unauthenticated.
The attack chain:
1. Upload a ZIP containing dbgpts.toml (definition_type="python"), pyproject.toml, and __init__.py with malicious code
2. _parse_flow_from_zip_file() extracts the ZIP via zip_ref.extractall(temp_dir)
3. parse_package_metadata() reads dbgpts.toml and calls FlowPythonPackage.build_from()
4. load_module_class() → _load_modules_from_file() in dag/loader.py executes __init__.py via SourceFileLoader.exec_module() — zero validation
Vulnerable Code:
File: packages/dbgpt-core/src/dbgpt/core/awel/dag/loader.py, lines 85-92
loader = importlib.machinery.SourceFileLoader(mod_name, filepath)
loader.exec_module(new_module) # executes __init__.py without any validation
File: packages/dbgpt-serve/src/dbgpt_serve/flow/api/endpoints.py, lines 85-86
if request.url.path.startswith("/api/v1"): return None # bypasses all auth
Reproduction:
1. Create ZIP with dbgpts.toml (definition_type="python") and __init__.py containing: open("/tmp/pwned","w").write("RCE!")
2. curl -X POST "http://localhost:5670/api/v1/serve/awel/flow/import" -F "[email protected]" -F "save_flow=false"
3. docker exec <container> cat /tmp/pwned → "RCE! host=... uid=0"
Impact:
- Unauthenticated remote code execution as root (UID 0)
- Single HTTP request with ~1KB ZIP file, no user interaction
- Full server compromise, data exfiltration, persistent backdoor
|
|---|
| Source | ⚠️ https://gist.github.com/YLChen-007/d2799d8b2077e50658f12a45bcae9b70 |
|---|
| User | Eric-x (UID 94869) |
|---|
| Submission | 02/20/2026 10:29 (2 months ago) |
|---|
| Moderation | 03/01/2026 10:39 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 348304 [eosphoros-ai db-gpt 0.7.5 Flow Import Endpoint import importlib.machinery.SourceFileLoader.exec_module File code injection] |
|---|
| Points | 20 |
|---|
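
A pre-import check for the upload path described above, as an added example that is not DB-GPT code or part of the submission: it inspects the ZIP in memory and rejects any package that is not a JSON-defined flow, so nothing reaches `SourceFileLoader.exec_module()`. The function names, the deny-by-default policy and the sample manifest layout are assumptions of this example.

```python
import io
import re
import zipfile
from pathlib import PurePosixPath

# Policy assumed by this example: deny by default, only JSON-defined flows may be imported.
ALLOWED_DEFINITION_TYPES = {"json"}
EXECUTABLE_SUFFIXES = {".py", ".pyc", ".pyd", ".so"}
DEF_TYPE_RE = re.compile(r"""^\s*definition_type\s*=\s*["']([^"']*)["']""", re.M)


def inspect_flow_zip(data: bytes) -> list:
    """Return the reasons to reject an uploaded flow ZIP (empty list means acceptable)."""
    findings, manifests = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = PurePosixPath(info.filename.replace("\\", "/"))
            if path.is_absolute() or ".." in path.parts:
                findings.append(f"path traversal entry: {info.filename}")
            if path.suffix.lower() in EXECUTABLE_SUFFIXES:
                findings.append(f"executable content: {info.filename}")
            if path.name == "dbgpts.toml":
                manifests.append(info)
        if not manifests:
            findings.append("no dbgpts.toml manifest")
        for info in manifests:
            # Only the manifest text is read; nothing is extracted to disk or imported.
            text = zf.read(info).decode("utf-8", errors="replace")
            declared = DEF_TYPE_RE.findall(text)
            if not declared:
                findings.append(f"{info.filename}: definition_type missing")
            for value in declared:
                if value not in ALLOWED_DEFINITION_TYPES:
                    findings.append(f"{info.filename}: definition_type={value!r} not allowed")
    return findings


def make_zip(files: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in files.items():
            zf.writestr(name, text)
    return buf.getvalue()


# Constructed samples; the [flow] table layout is illustrative, and __init__.py is benign.
PYTHON_FLOW = make_zip({"dbgpts.toml": '[flow]\ndefinition_type = "python"\n',
                        "pyproject.toml": "", "__init__.py": "x = 1\n"})
JSON_FLOW = make_zip({"dbgpts.toml": '[flow]\ndefinition_type = "json"\n', "flow.json": "{}"})
```

A check like this complements, and does not replace, enforcing authentication on the `/api/v1` routes.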