CVE-2024-34524

2024-05-0600:15:10

[email protected]

web.nvd.nist.gov

cve-2024-34524

bypass vulnerability

xlang openagents

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content.

References

github.com/xlang-ai/OpenAgents/blob/880e26adfe380e999962fc645fc8fc80bd72f103/backend/utils/utils.py#L31

github.com/xlang-ai/OpenAgents/issues/112