Transformer Optimus SuperAGI Code Injection Vulnerability in Agent Template Evaluation

A code injection vulnerability allowing remote code execution has been identified in Transformer Optimus SuperAGI version 0.0.14. The issue arises in the `AgentTemplate.eval_agent_config` method, where user-controlled input is passed directly to Python's `eval()` function without any validation. This vulnerability can be exploited by manipulating agent template configurations, such as the goal, constraints, or instruction fields, which are then evaluated during template loading or updates.

Impact

Exploitation of this vulnerability allows for arbitrary Python code execution, leading to complete system compromise.

Reproduction

To reproduce this vulnerability, create a malicious agent template JSON that includes arbitrary Python code in the 'goal' configuration. Host this JSON at a marketplace endpoint trusted by the target SuperAGI instance. When the template is cloned, the malicious code will be executed. Alternatively, update an existing template with the malicious payload using the template update API, which will also trigger the execution of the injected code.

Remediation

Users can update to SuperAGI version 0.0.15, where this vulnerability has been fixed.