Letta-AI Letta Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Letta version 0.7.12, specifically within the 'letta.server.rest_api.routers.v1.tools.run_tool_from_source' function. This vulnerability allows remote attackers to execute arbitrary Python code and system commands by sending crafted payloads to the '/v1/tools/run' endpoint. The issue arises because the application fails to properly sandbox the execution environment, allowing dangerous modules and system functionalities to be accessed. If the Letta server is running as root, the executed commands could potentially gain root privileges.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server, with executed commands running under the user's permissions. If the Letta server is executed as root, the executed commands could gain root privileges.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/v1/tools/run' endpoint with a payload that includes malicious Python code. The 'source_code' field can be crafted to execute specific commands or code. The 'env_vars' field can be used to set environment variables that the executed code can access. After sending the request, the response will indicate whether the execution was successful.

Remediation

Users can update to Letta version 0.8.17, which includes a patch for this vulnerability.