4 matches found
ECHO-1CE2-9161-9612
Bulletin has no description...
GHSA-W287-WWHF-95VV MetaGPT has an eval injection via a cross-site request forgery attack
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...
Breaking Agent Backbones: Evaluating the Security of Backbone LLMs in AI Agents
AI agents powered by large language models LLMs are being deployed at scale, yet we lack a systematic understanding of how the choice of backbone LLM affects agent security. The non-deterministic sequential nature of AI agents complicates security modeling, while the integration of traditional...
Remote Code Execution (RCE)
safer-eval is vulnerable to remote code execution RCE. The attack is possible due to the generation of RangeError when a Maximum call stack size is exceeded during the sandboxing of the evaluation of code used within the eval function...