OpenCVE

AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not including 5.1.0. The issue arises from the application's method of validating shell commands against an allowlist or denylist, where it only checks the first word of the command. This allows an attacker to bypass the intended restrictions by crafting commands that are executed despite not being on the allowlist or by including malicious commands not present in the denylist. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary shell commands.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Agpt	Autogpt
Significant-gravitas	Autogpt

Configuration 1 [-]

cpe:2.3:a:agpt:autogpt:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669
https://huntr.com/bounties/416c4a8b-36ba-4bbc-850a-a2f978b0fac8

History

Tue, 08 Oct 2024 22:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Agpt Agpt autogpt
CPEs		cpe:2.3:a:agpt:autogpt::::::::
Vendors & Products		Agpt Agpt autogpt
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-06T18:19:08.151Z

Updated: 2024-08-01T18:56:22.433Z

Reserved: 2024-02-26T02:50:23.895Z

Link: CVE-2024-1881

Vulnrichment

Updated: 2024-07-19T13:50:24.068Z

NVD

Status : Modified

Published: 2024-06-06T19:15:51.920

Modified: 2024-11-21T08:51:30.913

Link: CVE-2024-1881

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1881", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-02-26T02:50:23.895Z", "datePublished": "2024-06-06T18:19:08.151Z", "dateUpdated": "2024-08-01T18:56:22.433Z"}, "containers": {"cna": {"title": "Improper Neutralization of Special Elements used in an OS Command in significant-gravitas/autogpt", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-06T18:19:08.151Z"}, "descriptions": [{"lang": "en", "value": "AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not including 5.1.0. The issue arises from the application's method of validating shell commands against an allowlist or denylist, where it only checks the first word of the command. This allows an attacker to bypass the intended restrictions by crafting commands that are executed despite not being on the allowlist or by including malicious commands not present in the denylist. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary shell commands."}], "affected": [{"vendor": "significant-gravitas", "product": "significant-gravitas/autogpt", "versions": [{"version": "unspecified", "lessThan": "5.1.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/416c4a8b-36ba-4bbc-850a-a2f978b0fac8"}, {"url": "https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command", "cweId": "CWE-78"}]}], "source": {"advisory": "416c4a8b-36ba-4bbc-850a-a2f978b0fac8", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "significant-gravitas", "product": "autogpt", "cpes": ["cpe:2.3:a:significant-gravitas:autogpt:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0.5.0", "status": "affected", "lessThan": "5.1.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-19T13:47:34.891631Z", "id": "CVE-2024-1881", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T20:57:23.522Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:56:22.433Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/416c4a8b-36ba-4bbc-850a-a2f978b0fac8", "tags": ["x_transferred"]}, {"url": "https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1881", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-02-26T02:50:23.895Z", "datePublished": "2024-06-06T18:19:08.151Z", "dateUpdated": "2024-07-19T20:57:23.522Z"}, "containers": {"cna": {"title": "Improper Neutralization of Special Elements used in an OS Command in significant-gravitas/autogpt", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-06T18:19:08.151Z"}, "descriptions": [{"lang": "en", "value": "AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not including 5.1.0. The issue arises from the application's method of validating shell commands against an allowlist or denylist, where it only checks the first word of the command. This allows an attacker to bypass the intended restrictions by crafting commands that are executed despite not being on the allowlist or by including malicious commands not present in the denylist. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary shell commands."}], "affected": [{"vendor": "significant-gravitas", "product": "significant-gravitas/autogpt", "versions": [{"version": "unspecified", "lessThan": "5.1.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/416c4a8b-36ba-4bbc-850a-a2f978b0fac8"}, {"url": "https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command", "cweId": "CWE-78"}]}], "source": {"advisory": "416c4a8b-36ba-4bbc-850a-a2f978b0fac8", "discovery": "EXTERNAL"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1881", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-19T13:47:34.891631Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:significant-gravitas:autogpt:*:*:*:*:*:*:*:*"], "vendor": "significant-gravitas", "product": "autogpt", "versions": [{"status": "affected", "version": "0.5.0", "lessThan": "5.1.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T13:50:24.068Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:agpt:autogpt:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C9E3D7C-1FAC-4FCC-916A-723282A0B366", "versionEndExcluding": "0.5.1", "versionStartIncluding": "0.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not including 5.1.0. The issue arises from the application's method of validating shell commands against an allowlist or denylist, where it only checks the first word of the command. This allows an attacker to bypass the intended restrictions by crafting commands that are executed despite not being on the allowlist or by including malicious commands not present in the denylist. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary shell commands."}, {"lang": "es", "value": "AutoGPT, un componente de significant-gravitas/autogpt, es vulnerable a una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo ('Inyecci\u00f3n de comando del sistema operativo') debido a una falla en su funci\u00f3n de validaci\u00f3n del comando de shell. Espec\u00edficamente, la vulnerabilidad existe en las versiones v0.5.0 hasta la 5.1.0, pero no incluida. El problema surge del m\u00e9todo de la aplicaci\u00f3n para validar los comandos del shell con una lista de permitidos o de denegados, donde solo verifica la primera palabra del comando. Esto permite a un atacante eludir las restricciones previstas creando comandos que se ejecutan a pesar de no estar en la lista de permitidos o incluyendo comandos maliciosos que no est\u00e1n presentes en la lista de prohibidos. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir a un atacante ejecutar comandos de shell arbitrarios."}], "id": "CVE-2024-1881", "lastModified": "2024-11-21T08:51:30.913", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-06T19:15:51.920", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669"}, {"source": "security@huntr.dev", "tags": ["Third Party Advisory"], "url": "https://huntr.com/bounties/416c4a8b-36ba-4bbc-850a-a2f978b0fac8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://huntr.com/bounties/416c4a8b-36ba-4bbc-850a-a2f978b0fac8"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security@huntr.dev", "type": "Secondary"}]}