Home > Vulnerability Database > CVE-2024-10457

Mend.io Vulnerability Database

CVE-2024-10457

Good to know:

Date: March 20, 2025

Multiple Server-Side Request Forgery (SSRF) vulnerabilities were identified in the significant-gravitas/autogpt repository, specifically in the GitHub Integration and Web Search blocks. These vulnerabilities affect version agpt-platform-beta-v0.1.1. The issues arise when block inputs are controlled by untrusted sources, leading to potential credential leakage, internal network scanning, and unauthorized access to internal services, APIs, or data stores. The affected blocks include GithubListPullRequestsBlock, GithubReadPullRequestBlock, GithubAssignPRReviewerBlock, GithubListPRReviewersBlock, GithubUnassignPRReviewerBlock, GithubCommentBlock, GithubMakeIssueBlock, GithubReadIssueBlock, GithubListIssuesBlock, GithubAddLabelBlock, GithubRemoveLabelBlock, GithubListBranchesBlock, and ExtractWebsiteContentBlock.

Severity Score

6.5

Related Resources (4)

Url: https://huntr.com/bounties/1d91e1e1-7d45-4bda-bc27-bfe9052fd975

Url: https://github.com/significant-gravitas/autogpt/commit/bcaf3241dadfc1fca024e91fb8f2e3004105a172

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-10457

Url: https://www.mend.io/vulnerability-database/CVE-2024-10457

Severity Score

6.5

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version https://github.com/significant-gravitas/autogpt.git - autogpt-platform-beta-v0.2.1

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-10457

Good to know:

Date: March 20, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?