CVE-2024-8156 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input `github.head.ref` is use…
Critical CVSS: 9.8

CVE-2024-8156

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input `github.head.ref` is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version. An attacker can exploit this by creating a branch name with a malicious payload and opening a pull request, potentially leading to reverse shell access or theft of sensitive tokens and keys.
Vendor
Agpt
Product
Autogpt Classic
CWE
CWE-77
Yayın Tarihi
2025-03-20 10:15:41
Güncelleme
2025-10-15 13:15:54
Source Identifier
security@huntr.dev
KEV Date Added
-

Kategoriler

CWE-77 Autogpt Classic CRITICAL Agpt 2025

Referanslar

https://github.com/significant-gravitas/autogpt/commit/1df7d527dd37dff8363dc162fb58d300f072e302 https://huntr.com/bounties/959efe87-f109-4cef-94d8-90ff2c7aef51 https://huntr.com/bounties/959efe87-f109-4cef-94d8-90ff2c7aef51