12 matches found
EUVD-2025-14313
Malicious code in bioql PyPI...
CVE-2025-4032
A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtualenvironments/terminals/shelltool.py. The manipulation leads to os command...
AWorld OS Command Injection vulnerability
A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtualenvironments/terminals/shelltool.py. The manipulation leads to os command...
Arbitrary Command Injection
Overview aworld is an Ant Agent Package Affected versions of this package are vulnerable to Arbitrary Command Injection through the subprocess.run and subprocess.Popen functions in shelltool.py. This allows an attacker to inject malicious commands due to insufficient sanitization of user-supplied...
GHSA-JMJF-MFHM-J3GF AWorld OS Command Injection vulnerability
A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtualenvironments/terminals/shelltool.py. The manipulation leads to os command...
CVE-2025-4032
A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtualenvironments/terminals/shelltool.py. The manipulation leads to os command...
CVE-2025-4032
A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtualenvironments/terminals/shelltool.py. The manipulation leads to os command...
CVE-2025-4032 inclusionAI AWorld shell_tool.py subprocess.Popen os command injection
A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtualenvironments/terminals/shelltool.py. The manipulation leads to os command...
CVE-2025-4032
CVE-2025-4032 affects inclusionAI AWorld, specifically the shell_tool.py component where subprocess.run/subprocess.Popen can lead to OS command injection. The vulnerability is exploitable remotely; exploitation is considered difficult with high complexity across multiple CVSS sources. Affected co...
CVE-2025-4032 inclusionAI AWorld shell_tool.py subprocess.Popen os command injection
A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtualenvironments/terminals/shelltool.py. The manipulation leads to os command...
PT-2025-18101 · Unknown · Inclusionai Aworld
Name of the Vulnerable Software and Affected Versions: inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e Description: A critical issue affects the subprocess.run/subprocess.Popen function of the file AWorld/aworld/virtual environments/terminals/shell tool.py, leading to os command...
AWorld 命令注入漏洞
AWorld is an easy to build, evaluate, and run generic multi-agent assistance program open-sourced by inclusionAI. AWorld suffers from a command injection vulnerability that stems from incorrect manipulation of the function subprocess.run/subprocess.Popen resulting in os command injection...