agpt@0.2.2 vulnerabilities
An open-source attempt to make GPT-4 autonomous
latest version
0.2.2
first published
2 years ago
latest version published
2 years ago
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the agpt package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
agpt is an An open-source attempt to make GPT-4 autonomous Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the How to fix Server-side Request Forgery (SSRF)? A fix was pushed into the | [0,) |
agpt is an An open-source attempt to make GPT-4 autonomous Affected versions of this package are vulnerable to Information Exposure through the Note: The standard requests library does not suffer from this vulnerability. When a redirect occurs, headers such as Authorization and Proxy-Authorization are not sent across origins, and cookies are managed securely using the standard cookiejar format. How to fix Information Exposure? A fix was pushed into the | [0,) |
agpt is an An open-source attempt to make GPT-4 autonomous Affected versions of this package are vulnerable to Information Exposure due to missing access controls in the WebSocket API. Node execution updates were sent to any subscriber using a valid graph_id and graph_version, allowing unauthorized users to access another user's execution data either via shared Marketplace graphs or by subscribing with a known graph ID. Note: This is only exploitable if multiple users share access to the same instance. It does not affect separate platform instances or non-users. Single-user instances are not affected. For private instances with a user whitelist, the impact is limited to users approved by the administrator. How to fix Information Exposure? A fix was pushed into the | [0,) |