CVE-2024-9439 Information

Description

SuperAGI is vulnerable to remote code execution in the latest version. The agent template update API allows attackers to control certain parameters which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system compromise.

Reference

https://huntr.com/bounties/d710884f-b5ab-4b31-a2e6-e4b38488def1