9 matches found
MetaGPT 代码注入漏洞
MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from the generatethoughts function in the Tree-of-Thought Solver component’s metagpt/strategy/tot.py file, which could lead to...
MetaGPT 代码注入漏洞
MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from operations on the checksolution function within the HumanEvalBenchmark/MBPPBenchmark component, which could lead to code...
MetaGPT 代码注入漏洞
MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from a code injection flaw in the code generate function located in the file metagpt/ext/aflow/scripts/operator.py. It could...
VulnCheck KEV: CVE-2025-0868
A vulnerability, that could result in Remote Code Execution RCE, has been found in DocsGPT. Due to improper parsing of JSON data using eval an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.. This issue affects DocsGPT: from 0.8.1 through 0.12.0...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management when handling namespace scopes for BMCEventSubscription. A user with namespace level roles can access and manipulate secrets from unauthorized namespaces by creating a BMCEventSubscription in a namespace th...
Dotmesh 安全漏洞
Dotmesh is a git-like CLI open-sourced by Dotscience for capturing, organizing and sharing application state. A security vulnerability exists in Dotmesh 0.8.1 and earlier versions, which stems from the insecure handling of symbolic links in the unpacking routine, and could allow an attacker to re...
PT-2023-8832
Name of the Vulnerable Software and Affected Versions Axios versions 0.8.1 through 1.5.1 Description The issue is related to a JavaScript library and involves a cross-site request forgery vulnerability. This vulnerability can allow a remote attacker to gain unauthorized access to the XSRF-TOKEN...
GHSA-236C-VHJ4-GFXG Duplicate Advisory: Embedded malware in ua-parser-js
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pjwm-rvh2-c87w. This link is maintained to preserve external references. Original Description A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the...
libavif 缓冲区错误漏洞
libavif is a library for encoding and decoding .avif files. libavif suffers from a security vulnerability that stems from libavif 0.8.0 and 0.8.1 having an out-of-bounds write in the avifDecoderDataFillImageGrid. no details of the vulnerability are currently available...