CVE-2024-21552

{"id": "CVE-2024-21552", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "report@snyk.io", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-07-22T15:15:02.410", "references": [{"url": "https://github.com/TransformerOptimus/SuperAGI/blob/9361f0491716e56bd0c0ae2f3b49da201a18c58c/superagi/agent/output_handler.py#L149", "source": "report@snyk.io"}, {"url": "https://github.com/TransformerOptimus/SuperAGI/blob/9361f0491716e56bd0c0ae2f3b49da201a18c58c/superagi/agent/output_handler.py#L180", "source": "report@snyk.io"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "report@snyk.io", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the \u2018eval\u2019 function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary code execution on the SuperAGI application server."}, {"lang": "es", "value": " Todas las versiones de \"SuperAGI\" son vulnerables a la ejecuci\u00f3n de c\u00f3digo arbitrario debido al uso inseguro de la funci\u00f3n \"eval\". Un atacante podr\u00eda inducir la salida de LLM para explotar esta vulnerabilidad y obtener la ejecuci\u00f3n de c\u00f3digo arbitrario en el servidor de aplicaciones SuperAGI."}], "lastModified": "2024-07-24T12:55:13.223", "sourceIdentifier": "report@snyk.io"}