CVE-2024-10457

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-10457

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-10457.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-10457

Published

2025-03-20T10:15:16.880Z

Modified

2026-03-13T14:57:53.628919Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Multiple Server-Side Request Forgery (SSRF) vulnerabilities were identified in the significant-gravitas/autogpt repository, specifically in the GitHub Integration and Web Search blocks. These vulnerabilities affect version agpt-platform-beta-v0.1.1. The issues arise when block inputs are controlled by untrusted sources, leading to potential credential leakage, internal network scanning, and unauthorized access to internal services, APIs, or data stores. The affected blocks include GithubListPullRequestsBlock, GithubReadPullRequestBlock, GithubAssignPRReviewerBlock, GithubListPRReviewersBlock, GithubUnassignPRReviewerBlock, GithubCommentBlock, GithubMakeIssueBlock, GithubReadIssueBlock, GithubListIssuesBlock, GithubAddLabelBlock, GithubRemoveLabelBlock, GithubListBranchesBlock, and ExtractWebsiteContentBlock.

References

Affected packages

Git / github.com/significant-gravitas/autogpt

Affected ranges

Type: GIT
Repo: https://github.com/significant-gravitas/autogpt
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

bcaf3241dadfc1fca024e91fb8f2e3004105a172

Affected versions

agbenchmark-v0.*

agbenchmark-v0.0.10

agpt-platform-beta-v0.*

agpt-platform-beta-v0.1.0

agpt-platform-beta-v0.1.1

agpt-platform-beta-v0.2.0

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.2.0

v0.2.1

v0.2.2

v0.3.0

v0.3.1

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.3-alpha

v0.4.4

v0.4.5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-10457.json"