CVE-2024-4343

CRITICAL

privategpt < 0.6.0 - Remote Code Execution via SagemakerLLM complete() Method

Title source: llm

Description

A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the `eval()` function to parse a string received from a remote AWS SageMaker LLM endpoint into a dictionary. This method of parsing is unsafe as it can execute arbitrary Python code contained within the response. An attacker can exploit this vulnerability by manipulating the response from the AWS SageMaker LLM endpoint to include malicious Python code, leading to potential execution of arbitrary commands on the system hosting the application. The issue is fixed in version 0.6.0.

References (2)

Core 2

Core References

Patch

https://github.com/imartinez/privategpt/commit/86368c61760c9cee5d977131d23ad2a3e063cbe9

View Patch ZIP pw:eip

Exploit, Third Party Advisory

https://huntr.com/bounties/1d1e8f06-ec45-4b17-ae24-b83a41304c15

Scores

CVSS v3 9.8

EPSS 0.0261

EPSS Percentile 83.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-78

Status published

Products (1)

pribai/privategpt < 0.6.0

Published Nov 14, 2024

Tracked Since Feb 18, 2026