| tiêu đề | web-arena-x webarena <=0.2.0 Code Injection |
|---|
| Mô tả | WebArena is a standalone, self-hostable web environment for building LLM autonomous agents. In the WebArena project, specifically in the evaluators.py file (https://github.com/web-arena-x/webarena/blob/main/evaluation_harness/evaluators.py#L266), there is a critical vulnerability. The code checks if the "target_url" starts with "func" and if so, extracts a substring, replaces a value, and then passes it to the "eval()" function for execution. Since "eval()" is used with user-supplied input (as demonstrated by creating a config with "target_url= 'func:import('os').system('rm -f /path/to/sensitive/file')'"), it poses a Remote Code Execution (RCE) risk. This allows attackers to execute arbitrary code with the privileges of the running application, potentially leading to data loss, service outages, or malware installation. It aligns with CWE-94.
More details: https://github.com/web-arena-x/webarena/issues/194 |
|---|
| Nguồn | ⚠️ https://github.com/web-arena-x/webarena/issues/194 |
|---|
| Người dùng | ybdesire (UID 83239) |
|---|
| Đệ trình | 15/04/2025 15:53 (cách đây 1 Năm) |
|---|
| Kiểm duyệt | 27/04/2025 21:22 (12 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 306376 [web-arena-x webarena đến 0.2.0 evaluators.py HTMLContentEvaluator target["url"] nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|