{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1881", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-02-26T02:50:23.895Z", "datePublished": "2024-06-06T18:19:08.151Z", "dateUpdated": "2024-08-01T18:56:22.433Z"}, "containers": {"cna": {"title": "Improper Neutralization of Special Elements used in an OS Command in significant-gravitas/autogpt", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-06T18:19:08.151Z"}, "descriptions": [{"lang": "en", "value": "AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not including 5.1.0. The issue arises from the application's method of validating shell commands against an allowlist or denylist, where it only checks the first word of the command. This allows an attacker to bypass the intended restrictions by crafting commands that are executed despite not being on the allowlist or by including malicious commands not present in the denylist. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary shell commands."}], "affected": [{"vendor": "significant-gravitas", "product": "significant-gravitas/autogpt", "versions": [{"version": "unspecified", "lessThan": "5.1.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/416c4a8b-36ba-4bbc-850a-a2f978b0fac8"}, {"url": "https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command", "cweId": "CWE-78"}]}], "source": {"advisory": "416c4a8b-36ba-4bbc-850a-a2f978b0fac8", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "significant-gravitas", "product": "autogpt", "cpes": ["cpe:2.3:a:significant-gravitas:autogpt:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0.5.0", "status": "affected", "lessThan": "5.1.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-19T13:47:34.891631Z", "id": "CVE-2024-1881", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T20:57:23.522Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:56:22.433Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/416c4a8b-36ba-4bbc-850a-a2f978b0fac8", "tags": ["x_transferred"]}, {"url": "https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1881", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-02-26T02:50:23.895Z", "datePublished": "2024-06-06T18:19:08.151Z", "dateUpdated": "2024-07-19T20:57:23.522Z"}, "containers": {"cna": {"title": "Improper Neutralization of Special Elements used in an OS Command in significant-gravitas/autogpt", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-06T18:19:08.151Z"}, "descriptions": [{"lang": "en", "value": "AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not including 5.1.0. The issue arises from the application's method of validating shell commands against an allowlist or denylist, where it only checks the first word of the command. This allows an attacker to bypass the intended restrictions by crafting commands that are executed despite not being on the allowlist or by including malicious commands not present in the denylist. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary shell commands."}], "affected": [{"vendor": "significant-gravitas", "product": "significant-gravitas/autogpt", "versions": [{"version": "unspecified", "lessThan": "5.1.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/416c4a8b-36ba-4bbc-850a-a2f978b0fac8"}, {"url": "https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command", "cweId": "CWE-78"}]}], "source": {"advisory": "416c4a8b-36ba-4bbc-850a-a2f978b0fac8", "discovery": "EXTERNAL"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1881", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-19T13:47:34.891631Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:significant-gravitas:autogpt:*:*:*:*:*:*:*:*"], "vendor": "significant-gravitas", "product": "autogpt", "versions": [{"status": "affected", "version": "0.5.0", "lessThan": "5.1.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T13:50:24.068Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:agpt:autogpt_classic:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A52AEC2-A059-4CA5-A8D8-D5DE045D3612", "versionEndExcluding": "0.5.1", "versionStartIncluding": "0.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not including 5.1.0. The issue arises from the application's method of validating shell commands against an allowlist or denylist, where it only checks the first word of the command. This allows an attacker to bypass the intended restrictions by crafting commands that are executed despite not being on the allowlist or by including malicious commands not present in the denylist. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary shell commands."}, {"lang": "es", "value": "AutoGPT, un componente de significant-gravitas/autogpt, es vulnerable a una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo ('Inyecci\u00f3n de comando del sistema operativo') debido a una falla en su funci\u00f3n de validaci\u00f3n del comando de shell. Espec\u00edficamente, la vulnerabilidad existe en las versiones v0.5.0 hasta la 5.1.0, pero no incluida. El problema surge del m\u00e9todo de la aplicaci\u00f3n para validar los comandos del shell con una lista de permitidos o de denegados, donde solo verifica la primera palabra del comando. Esto permite a un atacante eludir las restricciones previstas creando comandos que se ejecutan a pesar de no estar en la lista de permitidos o incluyendo comandos maliciosos que no est\u00e1n presentes en la lista de prohibidos. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir a un atacante ejecutar comandos de shell arbitrarios."}], "id": "CVE-2024-1881", "lastModified": "2025-08-05T15:35:27.480", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-06T19:15:51.920", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669"}, {"source": "security@huntr.dev", "tags": ["Third Party Advisory"], "url": "https://huntr.com/bounties/416c4a8b-36ba-4bbc-850a-a2f978b0fac8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://huntr.com/bounties/416c4a8b-36ba-4bbc-850a-a2f978b0fac8"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security@huntr.dev", "type": "Primary"}]}

{}

{}