VYPR
Medium severity 6.5 · OSV Advisory · Published Mar 20, 2025 · Updated Apr 15, 2026

CVE-2024-10457

Description

Multiple Server-Side Request Forgery (SSRF) vulnerabilities were identified in the significant-gravitas/autogpt repository, specifically in the GitHub Integration and Web Search blocks. These vulnerabilities affect version agpt-platform-beta-v0.1.1. The issues arise when block inputs are controlled by untrusted sources, leading to potential credential leakage, internal network scanning, and unauthorized access to internal services, APIs, or data stores. The affected blocks include GithubListPullRequestsBlock, GithubReadPullRequestBlock, GithubAssignPRReviewerBlock, GithubListPRReviewersBlock, GithubUnassignPRReviewerBlock, GithubCommentBlock, GithubMakeIssueBlock, GithubReadIssueBlock, GithubListIssuesBlock, GithubAddLabelBlock, GithubRemoveLabelBlock, GithubListBranchesBlock, and ExtractWebsiteContentBlock.

Affected products

2
  • agbenchmark-v0.0.10, agpt-platform-beta-v0.1.0, agpt-platform-beta-v0.1.1, …+ 1 more
    • (no CPE) range: agbenchmark-v0.0.10, agpt-platform-beta-v0.1.0, agpt-platform-beta-v0.1.1, …
    • (no CPE) range: = agpt-platform-beta-v0.1.1
