Bypassing Shell Commands Denylist Settings with Modified Path
CVE-2024-6091

9.8CRITICAL

Key Information:

Vendor: Significant-gravitas
Status: Significant-gravitas/autogpt
Vendor: CVE Published:; 11 September 2024

🔔 Create Significant-gravitas Vulnerability Alert

What is CVE-2024-6091?

A vulnerability present in version 0.5.1 of the Autogpt application by Significant Gravitas allows attackers to bypass configured denylist settings meant to restrict specific shell commands. Although the denylist aims to block potentially harmful commands such as 'whoami', attackers can execute these commands through alternate paths, for example, by using the syntax '/bin/./whoami', which the denylist does not identify. This circumvention can lead to unauthorized access and execution of commands that are meant to be restricted, thereby posing a serious risk to application integrity and user data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

significant-gravitas/autogpt < 0.5.1

References

https://huntr.com/bounties/8a742c13-bb5e-4bc9-8b86-049d8a...

https://github.com/significant-gravitas/autogpt/commit/ef...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 11, 2024
Vulnerability Reserved
Jun 17, 2024

JSON

Significant-gravitas

What is CVE-2024-6091?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.