Hugging Face Smolagents XPath Injection Vulnerability in Vision Web Browser Component

A XPath injection vulnerability has been identified in Hugging Face Smolagents version 1.20.0. The issue resides in the 'search_item_ctrl_f' function within 'src/smolagents/vision_web_browser.py'. This vulnerability allows attackers to manipulate XPath queries by injecting malicious syntax, bypassing search filters, accessing unintended DOM elements, and disrupting web automation workflows. Such exploitation could lead to unauthorized information disclosure, manipulation of AI agent interactions, and a general compromise of automated web tasks.

Impact

Exploitation of this vulnerability allows for arbitrary XPath injection, enabling attackers to manipulate XPath queries in a way that could, for example, access sensitive information or disrupt normal operations of the application.

Reproduction

The vulnerability can be reproduced by calling the 'search_item_ctrl_f' function with unescaped XPath injection payloads. For example, injecting a payload that breaks out of the intended query context, such as '') or '1'='1'', demonstrates the injection flaw by altering the XPath query logic and bypassing normal search filters.

Remediation

Users are advised to update to Hugging Face Smolagents version 1.22.0 or later, where this vulnerability has been fixed.