cve/CVE-2024-6091.md at main

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1.2 KiB

Raw Permalink Blame History

CVE-2024-6091

Description

A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executing commands with a modified path, such as '/bin/./whoami', which is not recognized by the denylist.

POC

Reference

No PoCs from references.

Github

https://github.com/rahg0/python-intentionally-vuln-package
https://github.com/rahg0/python-weather-app
https://github.com/rahg0/python-weather-app-with-pipenv

1.2 KiB Raw Permalink Blame History

CVE-2024-6091

Description

POC

Reference

Github

1.2 KiB

Raw Permalink Blame History