CVE-2025-0454
A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the `urlparse` function from the `urllib.parse` library and the `requests` library. A malicious user can exploit this by submitting a specially crafted URL, such as `http://localhost:\@google.com/../`, to bypass the SSRF check and perform an SSRF attack.
Vendor
Product
CWE
Yayın Tarihi
2025-03-20 10:15:53
Güncelleme
2025-08-05 17:04:05
Source Identifier
security@huntr.dev
KEV Date Added
-