FoundationAgents MetaGPT Deserialization Vulnerability in Message Handling Allows Code Execution

Vulnerability

A deserialization vulnerability has been identified in FoundationAgents MetaGPT versions through 0.8.2. The issue arises in the Message.check_instruct_content function within metagpt/schema.py: the 'mapping' argument of a serialized Message is trusted during deserialization, so an attacker who controls it can execute arbitrary code. Exploitation is limited to the local machine. The problem has been publicly disclosed, and a proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the local machine where MetaGPT is running.

Reproduction

The vulnerability can be reproduced by creating a Message object with crafted 'instruct_content' that includes a 'mapping' branch. The 'mapping' should contain a payload that, when deserialized, executes arbitrary code, such as a command injection via the 'os' module.
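As a defensive illustration of the mechanism described above, the following is an added example (not MetaGPT's own code) of the check a message consumer would want in front of deserialization: every type reference in the 'mapping' branch of 'instruct_content' is compared against an allowlist before anything is imported or resolved, so a branch pointing at an arbitrary module is refused by name. The payload layout (a dict with an 'instruct_content' key holding a 'mapping' of field name to dotted type path), the allowlist contents and the function names are assumptions for this example; the exact MetaGPT schema is not reproduced.

```python
"""
Added example, not part of MetaGPT: allowlist validation of the 'mapping'
branch of a serialized Message before any type in it is resolved.
The payload layout below is an assumption used for illustration.
"""
import importlib

# Dotted type paths that may be resolved when rebuilding instruct_content.
# Everything else is refused before importlib is ever called.
SAFE_TYPES = frozenset({
    "builtins.str", "builtins.int", "builtins.float", "builtins.bool",
    "builtins.list", "builtins.dict", "typing.List", "typing.Dict",
})


class UnsafeInstructContent(ValueError):
    """Raised when a serialized Message carries a mapping outside the allowlist."""


def check_mapping(mapping):
    """Return a list of (field, type_path) violations; an empty list means safe."""
    if not isinstance(mapping, dict):
        raise UnsafeInstructContent(f"mapping must be a dict, got {type(mapping).__name__}")
    violations = []
    for field, type_path in mapping.items():
        # Both key and value must be plain strings; anything else (nested
        # objects, tuples, callables) never reaches the resolver.
        if not isinstance(field, str) or not isinstance(type_path, str):
            violations.append((field, type_path))
        elif type_path not in SAFE_TYPES:
            violations.append((field, type_path))
    return violations


def validate_message(payload):
    """Return the mapping of a serialized Message if it is allowlisted,
    None if the message has no instruct_content, and raise otherwise."""
    instruct_content = payload.get("instruct_content")
    if instruct_content is None:
        return None
    mapping = instruct_content.get("mapping", {})
    violations = check_mapping(mapping)
    if violations:
        raise UnsafeInstructContent(f"refusing instruct_content mapping: {violations}")
    return mapping


def is_safe_message(payload):
    """Boolean convenience wrapper around validate_message for filtering."""
    try:
        validate_message(payload)
        return True
    except UnsafeInstructContent:
        return False


def resolve_safe_type(type_path):
    """Import and return a type, but only if it was allowlisted first.
    The import happens after the check, never before."""
    if type_path not in SAFE_TYPES:
        raise UnsafeInstructContent(f"{type_path!r} is not an allowlisted type")
    module_name, _, attr = type_path.rpartition(".")
    return getattr(importlib.import_module(module_name), attr)


# Constructed samples (not captured from any real system): a benign message
# and one whose mapping points a field at a module outside the allowlist,
# the shape the advisory describes. Nothing in the hostile sample is executed;
# the validator stops at the name.
BENIGN_MESSAGE = {
    "instruct_content": {
        "class": "Plan",
        "mapping": {"title": "builtins.str", "steps": "builtins.list"},
    }
}
HOSTILE_MESSAGE = {
    "instruct_content": {
        "class": "Plan",
        "mapping": {"title": "os.system"},
    }
}

if __name__ == "__main__":
    print("benign accepted:", is_safe_message(BENIGN_MESSAGE))
    print("hostile accepted:", is_safe_message(HOSTILE_MESSAGE))
    for field, path in validate_message(BENIGN_MESSAGE).items():
        print(field, "->", resolve_safe_type(path))
```

The point of the ordering is that the allowlist decision is made on the string value alone; importlib is only reached for paths that have already passed, so a mapping naming an unexpected module is rejected without its module being loaded.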

Remediation

It is recommended to update MetaGPT to a version where this vulnerability has been addressed. Users can check the official GitHub repository for the latest releases.

Added: Jun 2, 2026, 3:20 AM
Updated: Jun 2, 2026, 3:20 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.0
remediation: 0.0
relevance: 9.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.