CVE-2025-0868

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-0868

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0868.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-0868

Aliases

GHSA-9gff-5v8w-x922

Published

2025-02-20T12:15:10Z

Modified

2025-02-21T02:01:10.116811Z

Summary

[none]

Details

A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.

This issue affects DocsGPT: from 0.8.1 through 0.12.0.

References

Affected packages

Git / github.com/arc53/docsgpt

Affected ranges

Type: GIT
Repo: https://github.com/arc53/docsgpt
Events: Introduced

e07df29ab961a06bcc64b0ea317ace418604b633

Last affected

bed4939652320bf1588b5830f9accecae444bfd2

Affected versions

0.*

0.10.0

0.11.0

0.12.0

0.8.1

0.9.0