Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2024-1879
Modified
More InfoOfficial Page
Source-security@huntr.dev
View Known Exploited Vulnerability (KEV) details
Published At-06 Jun, 2024 | 18:15
Updated At-05 Aug, 2025 | 15:35

A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the lack of protections on the API endpoint receiving instructions, enabling an attacker to direct a user running AutoGPT in their local network to a malicious website. This site can then send crafted requests to the AutoGPT server, leading to command execution. The issue is exacerbated by CORS being enabled for arbitrary origins by default, allowing the attacker to read the response of all cross-site queries. This vulnerability was addressed in version 5.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
agpt
agpt
>>autogpt_classic>>0.5.0
cpe:2.3:a:agpt:autogpt_classic:0.5.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarysecurity@huntr.dev
CWE ID: CWE-352
Type: Primary
Source: security@huntr.dev
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669security@huntr.dev
Patch
https://huntr.com/bounties/125c2d0c-0481-4e5c-ae90-fec263acdf32security@huntr.dev
Exploit
Third Party Advisory
https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669af854a3a-2127-422b-91ae-364da2661108
Patch
https://huntr.com/bounties/125c2d0c-0481-4e5c-ae90-fec263acdf32af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669
Source: security@huntr.dev
Resource:
Patch
Hyperlink: https://huntr.com/bounties/125c2d0c-0481-4e5c-ae90-fec263acdf32
Source: security@huntr.dev
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://huntr.com/bounties/125c2d0c-0481-4e5c-ae90-fec263acdf32
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Change History
0Changes found
Details not found