Evolver
Monthly
Remote code execution in Evolver versions before 1.69.3 allows unauthenticated network attackers to execute arbitrary shell commands via command injection in the _extractLLM() function. Attackers exploit unsanitized corpus parameters passed to execSync() through string concatenation in a curl command, achieving full system compromise. GitHub security advisory GHSA-j5w5-568x-rq53 confirms the vulnerability with proof-of-concept demonstrating shell command substitution bypass. CVSS score of 9.8 reflects no authentication or user interaction requirements. No CISA KEV listing or EPSS data provided, suggesting exploitation status remains uncertain beyond confirmed POC availability.
Path traversal in Evolver's skill fetch command enables arbitrary file writes via unvalidated --out= flag. Authenticated attackers can overwrite system files or create malicious files in sensitive locations (e.g., cron directories) by using directory traversal sequences like '../../../etc/cron.d'. The vulnerability exists in index.js where user-provided paths from --out= are extracted without sanitization and passed directly to fs.mkdirSync(). Patch released in version 1.69.3. EPSS data not available; no CISA KEV listing indicates no confirmed widespread exploitation.
Remote code execution in Evolver versions before 1.69.3 allows unauthenticated network attackers to execute arbitrary shell commands via command injection in the _extractLLM() function. Attackers exploit unsanitized corpus parameters passed to execSync() through string concatenation in a curl command, achieving full system compromise. GitHub security advisory GHSA-j5w5-568x-rq53 confirms the vulnerability with proof-of-concept demonstrating shell command substitution bypass. CVSS score of 9.8 reflects no authentication or user interaction requirements. No CISA KEV listing or EPSS data provided, suggesting exploitation status remains uncertain beyond confirmed POC availability.
Path traversal in Evolver's skill fetch command enables arbitrary file writes via unvalidated --out= flag. Authenticated attackers can overwrite system files or create malicious files in sensitive locations (e.g., cron directories) by using directory traversal sequences like '../../../etc/cron.d'. The vulnerability exists in index.js where user-provided paths from --out= are extracted without sanitization and passed directly to fs.mkdirSync(). Patch released in version 1.69.3. EPSS data not available; no CISA KEV listing indicates no confirmed widespread exploitation.