CVE-2024-1881
Published 2024-06-06
Priority P266 · critical · 9.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.43% (69.6th percentile)
AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to improper neutralization of special elements used in an OS command ('OS Command Injection') because of a flaw in its shell command validation function. The CVE text gives the affected range as v0.5.0 up to but not including 5.1.0; the affected-versions table on this page lists the fixed release as 0.5.1, so treat 0.5.1 as the version to upgrade to. The validator compares only the first whitespace-separated word of a command line against the configured allowlist or denylist. A line whose first word is permitted can therefore carry further commands after a shell control operator: with `ls` allowlisted, `ls && <anything>` passes the check, and in denylist mode a denylisted command placed after `;` is never inspected at all. Successful exploitation allows an attacker who can influence the command string to execute arbitrary shell commands.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| agpt | autogpt_classic | >= 0.5.0 < 0.5.1 | 0.5.1 |
| significant-gravitas | significant-gravitas_autogpt | >= unspecified < 5.1.0 | 5.1.0 |
Detection & IOCs (extracted from sources)
- The vulnerability exists in AutoGPT versions v0.5.0 up to but not including 5.1.0; detection should focus on identifying these affected version ranges in deployed environments.
- The bypass technique involves crafting shell commands where only the first word is checked against an allowlist/denylist; monitor for multi-word shell commands where the first token is an allowed command but subsequent tokens contain injected malicious commands.
- Alert on arbitrary OS command execution originating from the AutoGPT shell command validation function, particularly commands that chain or append additional instructions after an allowlisted first token.
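The first-word check described in the summary and the bypass shape the detection bullets describe, as an added Python example that is not AutoGPT's own code: a weak validator that mirrors the first-word pattern, a stricter one that tokenizes the line with shlex and accepts only a single simple command, and a scan over constructed command lines that flags what the weak check would have let through. The allowlist contents, function names and sample commands are assumptions.

```python
"""Added example (not AutoGPT's code). ALLOWLIST, the function names and
SAMPLE_COMMANDS are hypothetical/constructed."""
import re
import shlex

ALLOWLIST = {"ls", "cat", "echo", "grep"}  # hypothetical allowlist

# shlex returns runs of these characters as separate tokens when
# punctuation_chars=True. A token starting with one of them is a control
# operator, redirection or subshell, i.e. something a first-word check
# never looks at.
PUNCT = set("();<>|&")
# Command/parameter substitution that shlex does not tokenize: `...`, $(...), ${...}
SUBST_RE = re.compile(r"`|\$\(|\$\{")


def validate_first_word(command_line: str) -> bool:
    """The weak pattern: only the first whitespace-separated word is checked."""
    words = command_line.split()
    return bool(words) and words[0] in ALLOWLIST


def validate_strict(command_line: str) -> tuple[bool, str]:
    """Accept only a single simple command whose name is allowlisted.

    Returns (ok, reason). Anything that would make the shell run a second
    command, redirect I/O or substitute output is rejected outright.
    """
    if not command_line.strip():
        return False, "empty"
    if "\n" in command_line:  # a newline separates commands in sh
        return False, "newline separates commands"
    if SUBST_RE.search(command_line):
        return False, "command/parameter substitution"
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        tokens = list(lexer)
    except ValueError as exc:  # unbalanced quotes and similar
        return False, f"unparseable: {exc}"
    if not tokens:  # e.g. a line that is only a comment
        return False, "no command"
    for tok in tokens:
        if tok[0] in PUNCT:
            return False, f"control operator {tok!r}"
    if tokens[0] not in ALLOWLIST:
        return False, f"{tokens[0]!r} not allowlisted"
    return True, "ok"


def find_bypass_attempts(command_lines: list[str]) -> list[tuple[str, str]]:
    """Flag lines the first-word check accepts but the strict check rejects.

    That gap is exactly the bypass shape in the advisory: an allowlisted
    first token followed by injected commands.
    """
    hits = []
    for line in command_lines:
        ok, reason = validate_strict(line)
        if validate_first_word(line) and not ok:
            hits.append((line, reason))
    return hits


# Constructed sample of executed command lines (not real logs).
SAMPLE_COMMANDS = [
    "ls -la",            # benign: both checks accept
    "ls && id",          # chained command after allowlisted token
    "echo ok; id",       # second command after ';'
    "echo $(id)",        # command substitution
    "cat `id`",          # backtick substitution
    "echo x > /tmp/f",   # redirection writes a file
    "rm -rf /",          # both checks reject: first word not allowlisted
    "ls\nid",            # newline-separated second command
]

if __name__ == "__main__":
    for line, reason in find_bypass_attempts(SAMPLE_COMMANDS):
        print(f"BYPASS {line!r}: {reason}")
```

Validation is only half of the fix: pass the token list to `subprocess.run(tokens)` without `shell=True` so that any metacharacter that survives is a literal argument, and keep interpreters such as `sh`, `bash` and `python` off the allowlist, since an allowlisted interpreter turns any argument into arbitrary execution.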
CVSS provenance
- NVD, CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD, CVSS v3.0: 8.8 HIGH, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
The two vectors differ only in Privileges Required (PR:N versus PR:L), which accounts for the 9.8 versus 8.8 gap; whether an attacker needs any foothold depends on who can supply command strings to the agent in a given deployment.
No detection rules found.
No public exploits indexed.
References
- https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669
- https://huntr.com/bounties/416c4a8b-36ba-4bbc-850a-a2f978b0fac8