Arbitrary Code Execution Vulnerability in MacOS Text-To-Speech Class

CVE-2024-1880

What is CVE-2024-1880?

An OS command injection vulnerability affects the MacOS Text-To-Speech class (MacOSTTS) within the Significant Gravitas AutoGPT project. This vulnerability is present in versions up to v0.5.0 and stems from the improper handling of special characters in user-inputted text within the _speech method. By employing os.system to run shell commands based on user input, it allows for the execution of arbitrary code if an attacker injects shell commands. This risk is particularly present when the AutoGPT instance is initiated with the --speak option using the TEXT_TO_SPEECH_PROVIDER=macos configuration. The issue has been resolved in version 5.1.0, emphasizing the need for users to update their installations promptly.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References