Lucene search
K

3 matches found

CVE
CVE
added 2024/06/06 6:39 p.m.68 views

CVE-2024-1880

CVE-2024-1880 concerns the significant-gravitas/autogpt project, where the MacOSTTS component (MacOS Text-To-Speech) in the _speech method uses os.system to run the say command with user-supplied text. This allows OS command injection and potential arbitrary code execution when AutoGPT is run wit...

7.8CVSS7.9AI score0.01017EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/06/06 6:39 p.m.15 views

CVE-2024-1880 OS Command Injection in MacOS Text-To-Speech Class in significant-gravitas/autogpt

An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. The vulnerability arises from the improper neutralization of special elements used in an OS command within the speech method of the...

7.8CVSS7.8AI score0.01017EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2024/05/17 12:0 a.m.6 views

The vulnerability of the artificial intelligence tool AutoGPT arises from the failure to address the issue of eliminating special elements used in the operating system’s command set, allowing a perpetrator to execute arbitrary code.

The vulnerability of the artificial intelligence tool AutoGPT exists due to the failure to address the issue of neutralizing specific elements used in the operating system’s command line. Exploiting this vulnerability allows a hacker to execute arbitrary code when using an instance of AutoGPT wit...

8.4CVSS7.7AI score0.01017EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder