CVE-2024-21552

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 22, 2024

Updated: Jul 24, 2024

CWE ID 94

Summary

CVE-2024-21552 is a newly disclosed vulnerability affecting all versions of the SuperAGI software. The issue stems from the insecure use of the 'eval' function, which enables Arbitrary Code Execution. An attacker can manipulate the LLM output to exploit this vulnerability, ultimately gaining unauthorized code execution on the SuperAGI application server. This vulnerability poses a significant risk and requires immediate attention from users to apply the necessary patches or updates to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xLAOCi
https://www.cve.org/CVERecord?id=CVE-2024-21552
https://nvd.nist.gov/vuln/detail/CVE-2024-21552

Back to Vulnerability Database

CVE-2024-21552

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations