CVE-2025-0868

Sažetak

A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint. This issue affects DocsGPT: from 0.8.1 through 0.12.0.

Reference

https://cert.pl/en/posts/2025/02/CVE-2025-0868/
https://cert.pl/posts/2025/02/CVE-2025-0868/
https://github.com/arc53/DocsGPT

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

20-02-2025 - 12:15

Objavljeno

20-02-2025 - 12:15