Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025
SSRF Check Bypass in Requests Utility in significant-gravitas/autogpt
CVE-2025-0454
Description
A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the urlparse function from the urllib.parse library and the requests library. A malicious user can exploit this by submitting a specially crafted URL, such as http://localhost:\@google.com/../, to bypass the SSRF check and perform an SSRF attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <0.4.0
- significant-gravitas/significant-gravitas/autogptv5Range: unspecified
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.