Vulnerability Description
All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary code execution on the SuperAGI application server.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://github.com/TransformerOptimus/SuperAGI/blob/9361f0491716e56bd0c0ae2f3b49
- https://github.com/TransformerOptimus/SuperAGI/blob/9361f0491716e56bd0c0ae2f3b49
- https://github.com/TransformerOptimus/SuperAGI/blob/9361f0491716e56bd0c0ae2f3b49
- https://github.com/TransformerOptimus/SuperAGI/blob/9361f0491716e56bd0c0ae2f3b49
FAQ
What is CVE-2024-21552?
CVE-2024-21552 is a vulnerability with a CVSS score of 9.8 (CRITICAL). All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary...
How severe is CVE-2024-21552?
CVE-2024-21552 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-21552?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.