Home > Vulnerability Database > CVE-2024-9439

Mend.io Vulnerability Database

CVE-2024-9439

Date: March 20, 2025

SuperAGI is vulnerable to remote code execution in the latest version. The "agent template update" API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system compromise.

Severity Score

8.8

Related Resources (3)

Url: https://huntr.com/bounties/d710884f-b5ab-4b31-a2e6-e4b38488def1

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-9439

Url: https://www.mend.io/vulnerability-database/CVE-2024-9439

Severity Score

8.8

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-9439

Date: March 20, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?