
{
"id": "CVE-2024-21552",
"sourceIdentifier": "report@snyk.io",
"published": "2024-07-22T15:15:02.410",
"lastModified": "2024-07-24T12:55:13.223",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the \u2018eval\u2019 function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary code execution on the SuperAGI application server."
},
{
"lang": "es",
"value": "Todas las versiones de \"SuperAGI\" son vulnerables a la ejecuci\u00f3n de c\u00f3digo arbitrario debido al uso inseguro de la funci\u00f3n \"eval\". Un atacante podr\u00eda inducir la salida del LLM para explotar esta vulnerabilidad y obtener la ejecuci\u00f3n de c\u00f3digo arbitrario en el servidor de aplicaciones SuperAGI."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "report@snyk.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/TransformerOptimus/SuperAGI/blob/9361f0491716e56bd0c0ae2f3b49da201a18c58c/superagi/agent/output_handler.py#L149",
"source": "report@snyk.io"
},
{
"url": "https://github.com/TransformerOptimus/SuperAGI/blob/9361f0491716e56bd0c0ae2f3b49da201a18c58c/superagi/agent/output_handler.py#L180",
"source": "report@snyk.io"
}
]
}