Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2024-8156

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input `github.head.ref` is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version. An attacker can exploit this by creating a branch name with a malicious payload and opening a pull request, potentially leading to reverse shell access or theft of sensitive tokens and keys.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.6%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2024-8156
  • Agpt » Autogpt » Version: 0.1.0
    cpe:2.3:a:agpt:autogpt:0.1.0
  • Agpt » Autogpt » Version: 0.1.1
    cpe:2.3:a:agpt:autogpt:0.1.1
  • Agpt » Autogpt » Version: 0.1.2
    cpe:2.3:a:agpt:autogpt:0.1.2
  • Agpt » Autogpt » Version: 0.1.3
    cpe:2.3:a:agpt:autogpt:0.1.3
  • Agpt » Autogpt » Version: 0.2.0
    cpe:2.3:a:agpt:autogpt:0.2.0
  • Agpt » Autogpt » Version: 0.2.1
    cpe:2.3:a:agpt:autogpt:0.2.1
  • Agpt » Autogpt » Version: 0.2.2
    cpe:2.3:a:agpt:autogpt:0.2.2
  • Agpt » Autogpt » Version: 0.3.0
    cpe:2.3:a:agpt:autogpt:0.3.0
  • Agpt » Autogpt » Version: 0.3.1
    cpe:2.3:a:agpt:autogpt:0.3.1
  • Agpt » Autogpt » Version: 0.4.0
    cpe:2.3:a:agpt:autogpt:0.4.0
  • Agpt » Autogpt » Version: 0.4.1
    cpe:2.3:a:agpt:autogpt:0.4.1
  • Agpt » Autogpt » Version: 0.4.2
    cpe:2.3:a:agpt:autogpt:0.4.2
  • Agpt » Autogpt » Version: 0.4.3
    cpe:2.3:a:agpt:autogpt:0.4.3
  • Agpt » Autogpt » Version: 0.4.4
    cpe:2.3:a:agpt:autogpt:0.4.4
  • Agpt » Autogpt » Version: 0.4.5
    cpe:2.3:a:agpt:autogpt:0.4.5
  • Agpt » Autogpt » Version: 0.4.6
    cpe:2.3:a:agpt:autogpt:0.4.6
  • Agpt » Autogpt » Version: 0.4.7
    cpe:2.3:a:agpt:autogpt:0.4.7
  • Agpt » Autogpt » Version: 0.5.0
    cpe:2.3:a:agpt:autogpt:0.5.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved