Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FoundationAgents MetaGPT XML action_node.py ActionNode.xml_fill eval injection
Vulnerability Description
A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated code. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Vulnerability Title
MetaGPT 安全漏洞
Vulnerability Description
MetaGPT是MetaGPT公司的一个多代理框架。 MetaGPT 0.8.1及之前版本存在安全漏洞,该漏洞源于对XML Handler组件中metagpt/actions/action_node.py文件ActionNode.xml_fill函数的操作,可能导致动态评估代码中指令中和不当。
CVSS Information
N/A
Vulnerability Type
N/A