PT-2025-12284 · Superagi · Superagi
Published 2025-03-20 · Updated 2025-07-14 · CVE-2024-9439
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SuperAGI (affected versions not specified)
Description
SuperAGI is vulnerable to remote code execution. The agent template update API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks. This can lead to full system compromise.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
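The eval pattern from the description next to a literal-only replacement, as an added example that is not SuperAGI's code. The config keys, function names and request bodies are assumptions constructed for illustration.

```python
import ast

# Hypothetical schema: config key -> expected Python type (assumption, not SuperAGI's).
ALLOWED_CONFIG = {"goal": list, "constraints": list, "max_iterations": int}


def parse_config_unsafe(raw: str):
    """The pattern the advisory describes: request data handed straight to eval()."""
    return eval(raw)  # any expression, including calls and imports, is executed


def parse_config_safe(key: str, raw: str):
    """Accept only a Python literal of the type expected for this key."""
    expected = ALLOWED_CONFIG.get(key)
    if expected is None:
        raise ValueError(f"unknown config key: {key!r}")
    if len(raw) > 10_000:  # bound parser work on hostile input
        raise ValueError(f"{key}: value too large")
    try:
        value = ast.literal_eval(raw)  # literals only; no calls or name lookups
    except (ValueError, TypeError, SyntaxError, MemoryError, RecursionError) as exc:
        raise ValueError(f"{key}: not a plain literal") from exc
    if type(value) is not expected:  # exact match, so bool is not accepted as int
        raise ValueError(f"{key}: expected {expected.__name__}")
    if expected is list and not all(isinstance(item, str) for item in value):
        raise ValueError(f"{key}: list items must be strings")
    return value


def apply_update(configs: dict) -> dict:
    """Validate a whole update body before anything is stored."""
    return {key: parse_config_safe(key, raw) for key, raw in configs.items()}


if __name__ == "__main__":
    # Constructed request bodies for illustration.
    benign = {"goal": "['summarise inbox']", "max_iterations": "5"}
    hostile = {"goal": "__import__('os').getcwd()"}
    print(apply_update(benign))
    try:
        apply_update(hostile)
    except ValueError as err:
        print("rejected:", err)
```

Where the stored values are plain data, exchanging them as JSON and parsing with `json.loads` removes the need to evaluate Python syntax at all.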
Exploit
RCE
Code Injection
Affected Products
Superagi