CVE-2024-9439

Source
https://cve.org/CVERecord?id=CVE-2024-9439
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9439.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-9439
Published
2025-03-20T10:10:34.836Z
Modified
2026-07-08T07:33:04.976976751Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Remote Code Execution in transformeroptimus/superagi
Details

SuperAGI is vulnerable to remote code execution in the latest version. The agent template update API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system compromise.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/9xxx/CVE-2024-9439.json",
    "cna_assigner": "@huntr_ai",
    "cwe_ids": [
        "CWE-94"
    ]
}
References

Affected packages

Git / github.com/transformeroptimus/superagi

Affected ranges

Type
GIT
Repo
https://github.com/transformeroptimus/superagi
Events
Database specific
{
    "cpe": "cpe:2.3:a:superagi:superagi:0.0.14:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.0.14"
        },
        {
            "last_affected": "0.0.14"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

0.*
0.0.14
v0.*
v0.0.14

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9439.json"