Agentsec

**Name of the Vulnerable Software and Affected Versions** autogpt-platform versions prior to autogpt-platform-beta-v0.4.2 **Description** The issue is related to a server-side request forgery (SSRF) vulnerability inside the `Send Web Request` component. The root cause is that IPV6 addresses are not restricted or filtered, allowing attackers to perform a server-side request forgery to visit an IPV6 service. **Recommendations** For versions prior to autogpt-platform-beta-v0.4.2, update to autogpt-platform-beta-v0.4.2 to fix the issue. As a temporary workaround, consider restricting access to the `Send Web Request` component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RAGFlow versions 0.15.1 and prior **Description** RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query, making it vulnerable to SQL injection. As of the time of publication, no patched version is available. **Recommendations** For versions 0.15.1 and prior, as a temporary workaround, consider restricting access to the ExeSQL component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.