Chatgpt On Wechat
OS command injection in zhayujie chatgpt-on-wechat (also known as CowAgent) versions up to and including 2.0.8 allows remote attackers to execute arbitrary operating system commands by abusing the _get_safety_warning function within the Bash Tool component (agent/tools/bash/bash.py). Publicly available exploit code exists for this issue, increasing the likelihood of opportunistic abuse, though it is not currently listed in CISA KEV. The vendor has released version 2.0.9 (commit 16d9b449c9aa53ccee44144a762a2737d7ba4fc4) addressing the flaw.