Server-Side Request Forgery Vulnerabilities in Significant Gravitas AutoGPT
CVE-2024-10457

6.5 MEDIUM

Key Information:

Vendor
CVE Published:
20 March 2025

What is CVE-2024-10457?

Multiple Server-Side Request Forgery (SSRF) vulnerabilities were identified in the Significant Gravitas AutoGPT repository. They affect several blocks in the GitHub integration and web search functionality in version agpt-platform-beta-v0.1.1. When these blocks process URLs or other inputs from untrusted sources, the result may be credential leakage, unauthorized access to internal services, or exposure of sensitive APIs and data stores. Affected blocks include GitHub List Pull Requests, Review Pull Requests, Assign/Unassign PR Reviewers, Comments, Issues, Labels, Branches, and the Extract Website Content Block. Proper sanitization and validation of these inputs before any request is issued is critical to mitigating the risk.
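As an added illustration of the input validation the description calls for, the following is example code written for this page, not AutoGPT's own implementation. It shows a URL check a block could run before issuing any outbound request: GitHub blocks are held to an assumed allowlist of GitHub hosts, and the generic web-content block rejects URLs whose host resolves to loopback, private, link-local or otherwise non-public addresses. The function names, the `GITHUB_ALLOWED_HOSTS` set and the `FAKE_DNS` table are assumptions constructed for the example; the fake table exists only so the code runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Assumed allowlist for GitHub-integration blocks (not the project's own configuration).
GITHUB_ALLOWED_HOSTS = {"github.com", "api.github.com"}


def _resolve(host):
    """Default resolver: every address the hostname currently maps to."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def _is_non_public(ip):
    """True for addresses an outbound block should never reach."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # unwrap ::ffff:a.b.c.d so IPv4 rules apply
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def url_is_safe(url, allowed_hosts=None, resolver=_resolve):
    """
    Return (ok, reason). Rejects non-http(s) schemes, embedded credentials,
    hosts outside the optional allowlist, and any host whose resolved
    addresses include a non-public address (every address must be public,
    so a name that mixes public and loopback answers is refused).
    """
    try:
        parts = urlparse(url)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"
    host = host.lower().rstrip(".")
    if allowed_hosts is not None and host not in allowed_hosts:
        return False, f"host {host!r} not in allowlist"
    try:
        addrs = resolver(host)
    except (socket.gaierror, OSError) as exc:
        return False, f"resolution failed: {exc}"
    if not addrs:
        return False, "host resolved to no addresses"
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if _is_non_public(ip):
            return False, f"{host} resolves to non-public address {ip}"
    return True, "ok"


# Constructed DNS table so the example runs offline; real code uses _resolve.
FAKE_DNS = {
    "api.github.com": ["140.82.112.5"],            # constructed public address
    "github.com": ["140.82.112.3"],                # constructed public address
    "internal-db.corp.example": ["10.0.0.12"],     # private range
    "rebind.example": ["93.184.216.34", "127.0.0.1"],  # public + loopback answer
}


def fake_resolver(host):
    """Literal IPs resolve to themselves; names come from FAKE_DNS."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        if host not in FAKE_DNS:
            raise socket.gaierror(f"no such host {host}")
        return FAKE_DNS[host]


if __name__ == "__main__":
    samples = [
        ("https://api.github.com/repos/org/repo/pulls", GITHUB_ALLOWED_HOSTS),
        ("https://user:token@api.github.com/", GITHUB_ALLOWED_HOSTS),
        ("https://attacker.example/pulls", GITHUB_ALLOWED_HOSTS),
        ("http://127.0.0.1:8080/admin", None),
        ("http://internal-db.corp.example/", None),
        ("http://rebind.example/", None),
        ("http://[::ffff:10.0.0.1]/", None),
    ]
    for url, allow in samples:
        print(url, "->", url_is_safe(url, allow, fake_resolver))
```

The resolve-then-check step only helps if the HTTP client then connects to the address that was checked; a client that re-resolves the name at connect time can be rebound to a different answer, so pin the validated address or re-validate inside the client's connection hook.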

Affected Version(s)

significant-gravitas/autogpt < unspecified

References

CVSS V3.0

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
