Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-6091
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Shell Command Denylist Bypass in significant-gravitas/autogpt
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executing commands with a modified path, such as '/bin/./whoami', which is not recognized by the denylist.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Significant AutoGPT 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Auto-GPT是Significant Gravitas开源的一个人工智能软件代理程序。 Significant AutoGPT 0.5.1版本存在操作系统命令注入漏洞,该漏洞源于允许攻击者绕过shell命令拒绝列表设置。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
significant-gravitassignificant-gravitas/autogpt unspecified ~ 0.5.1 -
II. Public POCs for CVE-2024-6091
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2024-6091
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: significant-gravitas/autogpt
Same vendor: significant-gravitas
Same weakness: CWE-78
V. Comments for CVE-2024-6091

No comments yet

Leave a comment