CVE-2024-8156

Published: Mar 20, 2025Modified: Oct 15, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input `github.head.ref` is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version. An attacker can exploit this by creating a branch name with a malicious payload and opening a pull request, potentially leading to reverse shell access or theft of sensitive tokens and keys.

Affected (1)

Products: Agpt: Autogpt Classic

1 product

Autogpt Classic

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Agpt Autogpt Classic	Before 0.5.1

Related CWEs

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (3)

https://github.com/significant-gravitas/autogpt/commit/1df7d527dd37dff8363dc162fb58d300f072e302

Source: security@huntr.dev

Patch

https://huntr.com/bounties/959efe87-f109-4cef-94d8-90ff2c7aef51

Source: security@huntr.dev

Exploit

https://huntr.com/bounties/959efe87-f109-4cef-94d8-90ff2c7aef51

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Exploit

Timeline

No history available yet.