CVE-2024-34524

2024-05-0500:00:00

mitre

www.cve.org

xlang

openagents

bypass

allowed_file

protection mechanism

incorrect file extension

file content

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content.

References

github.com/xlang-ai/OpenAgents/blob/880e26adfe380e999962fc645fc8fc80bd72f103/backend/utils/utils.py#L31

github.com/xlang-ai/OpenAgents/issues/112