Vulnerability Information
Vulnerability Title
AutoGPT Affected by Remote Code Execution via Dynamic Module Import in Block Loading (__import__)
Vulnerability Description
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.48, an authenticated user could achieve Remote Code Execution (RCE) on the backend server by embedding a disabled block inside a graph. The BlockInstallationBlock — a development tool capable of writing and importing arbitrary Python code — was marked disabled=True, but graph validation did not enforce this flag. This allowed any authenticated user to bypass the restriction by including the block as a node in a graph, rather than calling the block's execution endpoint directly (which did enforce the flag). This vulnerability is fixed in 0.6.48.
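The gap described above, as an added example that is not AutoGPT's code: the flag was checked on the direct execution path but not during graph validation, so the sketch below routes both through one lookup that enforces it. The registry, the block ids, `HttpRequestBlock` and all function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Block:
    id: str
    name: str
    disabled: bool = False


class BlockPolicyError(ValueError):
    """Raised when a graph or a call refers to a block that must not run."""


# Constructed registry with hypothetical ids; one block carries disabled=True.
REGISTRY = {
    "b-http": Block("b-http", "HttpRequestBlock"),
    "b-install": Block("b-install", "BlockInstallationBlock", disabled=True),
}


def validate_graph_existence_only(node_block_ids: list[str]) -> list[Block]:
    # Behaviour described in the advisory: validation resolves each node's block
    # but never looks at the disabled flag, so the graph is accepted.
    return [REGISTRY[bid] for bid in node_block_ids]


def resolve_runnable_block(block_id: str) -> Block:
    # Single choke point shared by every path that is about to use a block.
    block = REGISTRY.get(block_id)
    if block is None:
        raise BlockPolicyError(f"unknown block: {block_id}")
    if block.disabled:
        raise BlockPolicyError(f"block is disabled: {block.name}")
    return block


def validate_graph(node_block_ids: list[str]) -> list[Block]:
    # Hardened validation: a graph with any disabled block is rejected at save time.
    return [resolve_runnable_block(bid) for bid in node_block_ids]


def execute_node(block_id: str) -> str:
    # Re-check at run time so a graph stored before the check existed still fails.
    block = resolve_runnable_block(block_id)
    return f"ran {block.name}"
```

Keeping the flag check in one resolver means a new entry point (import, scheduling, graph nesting) inherits it instead of needing its own copy.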
CVSS Information
N/A
Vulnerability Type
Improper Authorization
Vulnerability Title
AutoGPT Authorization Issue Vulnerability
Vulnerability Description
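AutoGPT is an open-source tool from AutoGPT, intended to let everyone use and build accessible AI. Versions of AutoGPT prior to 0.6.48 contain an authorization issue vulnerability. It stems from graph validation not enforcing the disabled flag, which allows an authenticated user to bypass the restriction and may lead to remote code execution.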
CVSS Information
N/A
Vulnerability Type
N/A