Griptape-AI Griptape SQL Injection Vulnerability in SqlTool Component

A SQL injection vulnerability has been identified in Griptape-AI Griptape version 0.19.4, specifically within the SqlTool component. The issue arises in the file 'griptape/tools/sql/tool.py', where the tool allows agents to execute arbitrary SQL queries against the connected database without proper validation. This lack of oversight enables attackers to manipulate the input and execute malicious SQL commands, potentially leading to remote code execution, unauthorized file access, data exfiltration, or denial-of-service conditions.

Impact

Exploitation of this vulnerability allows for arbitrary SQL command execution. If the database supports command execution and the user has the necessary privileges, this could lead to remote code execution. Additionally, with minimal privileges, it could cause denial-of-service by executing resource-intensive queries or dropping tables.

Reproduction

The vulnerability can be reproduced by using the Griptape framework's SQL tool with a prompt designed to inject malicious SQL commands. This can be done by encoding SQL injection payloads in Base64 and prompting the tool to decode and execute them. After the injection, the response can be verified by checking the execution result of the injected command, such as 'id' in a PostgreSQL database.