Eosphoros-AI DB-GPT Code Injection Vulnerability in Flow Import Endpoint
Vulnerability
A code injection vulnerability has been identified in Eosphoros-AI DB-GPT version 0.7.5. The issue arises in the Flow Import Endpoint, specifically within the function 'importlib.machinery.SourceFileLoader.exec_module'. This vulnerability allows for remote code execution by manipulating the 'File' input. The endpoint accepts ZIP file uploads containing Python packages. When the package manifest indicates Python code, the server executes the code without validation or sandboxing, bypassing authentication requirements for the API version 1 endpoints.
Impact
Exploitation of this vulnerability leads to unauthorized remote code execution on the server, with the executed code running as the root user in the default Docker deployment. This allows for a complete compromise of the server, including potential data exfiltration and the installation of a persistent backdoor.
Reproduction
To reproduce this vulnerability, upload a ZIP file containing a 'dbgpts.toml' file (with 'definition_type' set to 'python'), a 'pyproject.toml' file, and an '__init__.py' file with malicious code. The ZIP file is processed by the Flow Import Endpoint, which extracts the files and executes the Python code without any validation. This can be done with a single HTTP POST request to the import endpoint, using a ZIP file of approximately 1 KB.
