Picobot
Monthly
OS command injection in louisho5 picobot up to version 0.2.0 allows local low-privileged attackers to execute arbitrary operating system commands through the ExecTool.Execute function in internal/agent/tools/exec.go. A publicly available proof-of-concept exploit exists (GitHub issue #43), elevating practical risk despite the moderate CVSS 4.0 score of 4.8. No patch has been issued as the project maintainer has not responded to responsible disclosure, leaving all known deployments persistently exposed.
Server-side request forgery in louisho5 picobot up to version 0.2.0 allows authenticated remote attackers to manipulate the url argument of the WebTool.Execute function in internal/agent/tools/web.go, causing the server to issue arbitrary HTTP requests to internal or external targets. The vulnerability carries a CVSS 4.0 score of 5.3 with low-privilege authentication required and has publicly available exploit code disclosed via a GitHub issue report. The upstream project has not responded to the responsible disclosure, meaning no patch is available at time of analysis.
Link-following vulnerability in louisho5 picobot up to version 0.2.0 allows a remote, low-privileged attacker to traverse outside the intended workspace directory via the CreateSkill and GetSkill functions in the filesystem handler. The root cause is improper symlink resolution (CWE-59) in internal/agent/tools/filesystem.go, enabling potential unauthorized file read and write operations on the host filesystem. A public exploit exists as a GitHub issue report; no vendor patch has been released and the project maintainer has not yet responded to the disclosure.
OS command injection in louisho5 picobot up to version 0.2.0 allows local low-privileged attackers to execute arbitrary operating system commands through the ExecTool.Execute function in internal/agent/tools/exec.go. A publicly available proof-of-concept exploit exists (GitHub issue #43), elevating practical risk despite the moderate CVSS 4.0 score of 4.8. No patch has been issued as the project maintainer has not responded to responsible disclosure, leaving all known deployments persistently exposed.
Server-side request forgery in louisho5 picobot up to version 0.2.0 allows authenticated remote attackers to manipulate the url argument of the WebTool.Execute function in internal/agent/tools/web.go, causing the server to issue arbitrary HTTP requests to internal or external targets. The vulnerability carries a CVSS 4.0 score of 5.3 with low-privilege authentication required and has publicly available exploit code disclosed via a GitHub issue report. The upstream project has not responded to the responsible disclosure, meaning no patch is available at time of analysis.
Link-following vulnerability in louisho5 picobot up to version 0.2.0 allows a remote, low-privileged attacker to traverse outside the intended workspace directory via the CreateSkill and GetSkill functions in the filesystem handler. The root cause is improper symlink resolution (CWE-59) in internal/agent/tools/filesystem.go, enabling potential unauthorized file read and write operations on the host filesystem. A public exploit exists as a GitHub issue report; no vendor patch has been released and the project maintainer has not yet responded to the disclosure.