We use cookies to improve your experience on our site.
AVID-2026-R1432
Description
Vulnerability CVE-2024-23750
Details
MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen.
Reason for inclusion in AVID: The CVE describes a software vulnerability in MetaGPT (an AI tooling/framework) that allows arbitrary code execution via RunCode.run_script() when shell metacharacters are passed to subprocess.Popen. This is a security vulnerability in a software component used to build/run AI systems, impacting AI pipelines and deployments. It is clearly an AI-related supply-chain issue (dependencies/frameworks used in general-purpose AI stacks) with direct operational impact (RCE).
References
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | n/a |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-01-22
- Version: 0.3.3
- AVID Entry