YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
DB-GPT v0.8.0 β Unauthenticated plugin-upload RCE (AST validator bypass) β huntr PoC
Private/gated proof-of-concept accompanying a huntr vulnerability report. Access is granted only to the huntr triage bot.
Target: eosphoros-ai/DB-GPT @ v0.8.0 (commit a3f21350, latest release).
An unauthenticated POST /api/v1/personal/agent/upload request uploads a ZIP whose __init__.py body
__import__('os').system(...) passes the shipped anti-malware AST validator
(PluginHub._validate_plugin_code) and is then executed by zipimporter.load_module β remote code
execution on the host, deterministic and without any LLM.
Contents
REPORT.mdβ the full vulnerability report.POC.mdβ the proof-of-concept walkthrough.poc/fire_020.pyβ self-contained deterministic PoC. Run network-isolated:unshare --user --map-root-user --net python3 poc/fire_020.pypoc/vendor/plugin_hub.py,poc/vendor/plugins_util.pyβ the two real v0.8.0 source files the PoC executes (the guard and the sink), byte-identical to the released PyPI wheelsdbgpt-serve==0.8.0anddbgpt==0.8.0β sha256 inpoc/PROVENANCE.txt.poc/sandbox_020.logβ a recorded run (all PASS, incl. two negative controls).
Harmless marker only (touch); no network egress; the target repository is never built or installed.
Inference Providers NEW
This model isn't deployed by any Inference Provider. π Ask for provider support