Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SkyworkAI DeepResearchAgent tools.py from_mcp os command injection
Vulnerability Description
A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of the file src/tools/tools.py. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
DeepResearchAgent 命令注入漏洞
Vulnerability Description
DeepResearchAgent是Skywork开源的一个应用程序。 DeepResearchAgent存在命令注入漏洞,该漏洞源于src/tools/tools.py文件中from_code/from_dict/from_mcp函数对参数的错误操作,可能导致os命令注入。
CVSS Information
N/A
Vulnerability Type
N/A