Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenAkita Chat API Endpoint shell.py run os command injection
Vulnerability Description
A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
OpenAkita 操作系统命令注入漏洞
Vulnerability Description
OpenAkita是OpenAkita个人开发者的一个多平台多智能体协作AI助手。 OpenAkita 1.24.3及之前版本存在操作系统命令注入漏洞,该漏洞源于对组件Chat API Endpoint中文件src/openakita/tools/shell.py函数run参数Message的错误操作,可能导致os命令注入。
CVSS Information
N/A
Vulnerability Type
N/A