漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Eigent Allows Arbitrary Code Execution via pull_request_target CI Workflow
Vulnerability Description
Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow (.github/workflows/ci.yml) allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses pull_request_target trigger combined with checkout of untrusted PR code. An attacker can exploit this to steal credentials, post comments, push code, or create releases.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Eigent 代码注入漏洞
Vulnerability Description
Eigent是Eigent AI开源的一个多代理工作流程桌面应用程序。 Eigent存在代码注入漏洞,该漏洞源于CI工作流使用pull_request_target触发器并检出不受信任的PR代码,可能导致任意代码执行。
CVSS Information
N/A
Vulnerability Type
N/A