CVE-2024-23750
published 2024-01-22

CVE-2024-23750: MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen.

Priority: P3 (53)
Severity: high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.96% (57.1th percentile)

Affected

3 ranges
Vendor            Product   Version range    Fixed in
deepwisdom        metagpt   <= 0.6.4
foundationagents  metagpt   >= 0 < 0.6.5     0.6.5
foundationagents  metagpt   0 – 0.6.6