You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

DB-GPT v0.8.0 β€” Unauthenticated plugin-upload RCE (AST validator bypass) β€” huntr PoC

Private/gated proof-of-concept accompanying a huntr vulnerability report. Access is granted only to the huntr triage bot.

Target: eosphoros-ai/DB-GPT @ v0.8.0 (commit a3f21350, latest release).

An unauthenticated POST /api/v1/personal/agent/upload request uploads a ZIP whose __init__.py body __import__('os').system(...) passes the shipped anti-malware AST validator (PluginHub._validate_plugin_code) and is then executed by zipimporter.load_module β€” remote code execution on the host, deterministic and without any LLM.

Contents

  • REPORT.md β€” the full vulnerability report.
  • POC.md β€” the proof-of-concept walkthrough.
  • poc/fire_020.py β€” self-contained deterministic PoC. Run network-isolated:
    unshare --user --map-root-user --net python3 poc/fire_020.py
    
  • poc/vendor/plugin_hub.py, poc/vendor/plugins_util.py β€” the two real v0.8.0 source files the PoC executes (the guard and the sink), byte-identical to the released PyPI wheels dbgpt-serve==0.8.0 and dbgpt==0.8.0 β€” sha256 in poc/PROVENANCE.txt.
  • poc/sandbox_020.log β€” a recorded run (all PASS, incl. two negative controls).

Harmless marker only (touch); no network egress; the target repository is never built or installed.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. πŸ™‹ Ask for provider support