AI PRP: Commnad injection in significant-gravitas/autogpt

google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.

Apache License 2.0

880 stars 179 forks source link

Open am0o0 opened 2 months ago

am0o0 commented 2 months ago

According to recent CVE-2024-6091 we can execute arbitrary commands on the popular AutoGPT AI-based application.

once we run the AutoGPT it'll open an http server which if the server is exposed to the public network then attackers can run arbitrary OS commands.

am0o0 commented 2 months ago

@tooryx as you told me I want to work on this AI PRP parallelly.

tooryx commented 2 months ago

Hi @am0o0,

You can start working on this.

~tooryx