Lucene search
K

5 matches found

Circl
Circl
added 2025/03/20 12:48 p.m.19 views

CVE-2025-1040

creationtimestamp| type| source ---|---|--- 2025-03-20 12:48:49+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114194836597412892 2025-03-20 13:03:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lksr45lvir2w 2025-03-20 13:13:06+00:00| seen|...

8.8CVSS8AI score0.01522EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.6 views

CVE-2025-1040 Server-Side Template Injection (SSTI) in significant-gravitas/autogpt

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection SSTI that could lead to Remote Code Execution RCE. The vulnerability arises from the improper handling of user-supplied format strings in the AgentOutputBlock implementation, where malicious input is passed to t...

8.8CVSS9.1AI score0.01522EPSS
Exploits1References2
CVE
CVE
added 2025/03/20 10:11 a.m.71 views

CVE-2025-1040

CVE-2025-1040 : AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that can lead to Remote Code Execution (RCE). The root cause is improper handling of user-supplied format strings in the AgentOutputBlock, where input is passed to the Jinja2 templating en...

8.8CVSS9.1AI score0.01522EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.34 views

CVE-2025-1040 Server-Side Template Injection (SSTI) in significant-gravitas/autogpt

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection SSTI that could lead to Remote Code Execution RCE. The vulnerability arises from the improper handling of user-supplied format strings in the AgentOutputBlock implementation, where malicious input is passed to t...

8.8CVSS0.01522EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:11 a.m.5 views

CVE-2025-1040 Server-Side Template Injection (SSTI) in significant-gravitas/autogpt

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection SSTI that could lead to Remote Code Execution RCE. The vulnerability arises from the improper handling of user-supplied format strings in the AgentOutputBlock implementation, where malicious input is passed to t...

8.8CVSS7.5AI score0.01522EPSS
Exploits1References4
Rows per page
Query Builder