CVE-2024-34524

In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content.
Configurations

No configuration.

History

21 Nov 2024, 09:18

Type Values Removed Values Added
References () https://github.com/xlang-ai/OpenAgents/blob/880e26adfe380e999962fc645fc8fc80bd72f103/backend/utils/utils.py#L31 - () https://github.com/xlang-ai/OpenAgents/blob/880e26adfe380e999962fc645fc8fc80bd72f103/backend/utils/utils.py#L31 -
References () https://github.com/xlang-ai/OpenAgents/issues/112 - () https://github.com/xlang-ai/OpenAgents/issues/112 -

03 Jul 2024, 02:00

Type Values Removed Values Added
Summary
  • (es) En XLANG OpenAgents hasta fe73ac4, el mecanismo de protección de archivos permitidos se puede omitir utilizando una extensión de archivo incorrecta para la naturaleza del contenido del archivo.
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1
CWE CWE-288

06 May 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-06 00:15

Updated : 2024-11-21 09:18


NVD link : CVE-2024-34524

Mitre link : CVE-2024-34524

CVE.ORG link : CVE-2024-34524


JSON object : View

Products Affected

No product.

CWE
CWE-288

Authentication Bypass Using an Alternate Path or Channel