AutoGPT 0.5.0
Approved changes feed: RSS · Atom
cpe:2.3:a:agpt:autogpt:0.5.0:*:*:*:*:*:*:*
part: a version: 0.5.0 update: *
| Vendor | Agpt (1f783fc9-c798-5fd7-8b08-5e28f17d7f5b) |
|---|---|
| Product | Autogpt (f287f1c5-bb2b-58ac-82cc-3403c884de90) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/significant-gravitas/autogpt |
purl2cpe | 2026-06-01 10:16:57.733209 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-1879 |
vulnerable | 2026-06-08 06:27:14.812809 |
CSRF to RCE in significant-gravitas/autogpt
HIGH (8.8)
A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the lack of protections on the API endpoint receiving instructions, enabling an attacker to direct a user running AutoGPT in their local network to a malicious website. This site can then send crafted requests to the AutoGPT server, leading to command execution. The issue is exacerbated by CORS being enabled for arbitrary origins by default, allowing the attacker to read the response of all cross-site queries. This vulnerability was addressed in version 5.1.
Published: 2024-06-06T17:53:21.654Z
Updated: 2024-08-21T14:26:56.090Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.