Primary

Context

Arc53 DocsGPT Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Arc53 DocsGPT versions 0.8.1 through 0.12.0. The issue arises from improper JSON data parsing using eval(), which allows an unauthorized attacker to send arbitrary Python code for execution via the /api/remote endpoint.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where DocsGPT is running.

Reproduction

To reproduce this vulnerability, send a request to the /api/remote endpoint with crafted JSON data that includes arbitrary Python code. The server will execute the injected code, leading to remote code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.7

remediation

0.0

relevance

0.0

threat

1.9

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.7

remediation

0.0

relevance

0.0

threat

1.9

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Arc53 DocsGPT Remote Code Execution Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating