All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary code execution on the SuperAGI application server.
References
Configurations
No configuration.
History
21 Nov 2024, 08:54
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/TransformerOptimus/SuperAGI/blob/9361f0491716e56bd0c0ae2f3b49da201a18c58c/superagi/agent/output_handler.py#L149 - | |
References | () https://github.com/TransformerOptimus/SuperAGI/blob/9361f0491716e56bd0c0ae2f3b49da201a18c58c/superagi/agent/output_handler.py#L180 - |
24 Jul 2024, 12:55
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
22 Jul 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-22 15:15
Updated : 2024-11-21 08:54
NVD link : CVE-2024-21552
Mitre link : CVE-2024-21552
CVE.ORG link : CVE-2024-21552
JSON object : View
Products Affected
No product.
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')