Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command Injection in significant-gravitas/autogpt
Vulnerability Description
A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input `github.head.ref` is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version. An attacker can exploit this by creating a branch name with a malicious payload and opening a pull request, potentially leading to reverse shell access or theft of sensitive tokens and keys.
CVSS Information
N/A
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
AutoGPT 安全漏洞
Vulnerability Description
AutoGPT是AutoGPT开源的一个工具。用于让每个人都能使用和构建可访问的AI。 AutoGPT存在安全漏洞,该漏洞源于workflow-checker.yml工作流中存在命令注入,攻击者可以通过创建带有恶意负载的分支名称并打开拉取请求来注入任意命令。
CVSS Information
N/A
Vulnerability Type
N/A