Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Foundation Agents MetaGPT operator.py code_generate code injection
Vulnerability Description
A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
MetaGPT 代码注入漏洞
Vulnerability Description
MetaGPT是MetaGPT公司的一个多代理框架。 MetaGPT 0.8.1及之前版本存在代码注入漏洞,该漏洞源于文件metagpt/ext/aflow/scripts/operator.py中函数code_generate存在代码注入,可能导致远程执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A