3 matches found
CVE-2025-31490
creationtimestamp| type| source ---|---|--- 2025-04-14 23:53:50+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/11735 2025-04-15 00:33:26+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114339165376498544 2025-04-15 02:38:09+00:00| seen|...
autoxx (>=0.0.11 <=0.0.13), vuln-demo-math-ops (=1.0.0) potentially affected by CVE-2025-31490 via agpt (=0.2.2)
agpt PYPI version =0.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on agpt and may be impacted: - autoxx =0.0.11, =0.0.13 - vuln-demo-math-ops =1.0.0 Source cves: CVE-2025-31490 Source advisory: SNYK:PYTHON-AGPT-9802320...
CVE-2025-31490
CVE-2025-31490 affects AutoGPT prior to 0.6.1 and is caused by a DNS rebinding flaw in the requests wrapper used to validate hostnames. The wrapper, located at autogpt_platform/backend/backend/util/request.py, attempts to prevent SSRF by rejecting local IPv4/IPv6 resolutions, but a DNS server’s T...