FoundationAgents MetaGPT
- <= 0.8.1
A cross-site request forgery (CSRF) vulnerability has been identified in the Mineflayer HTTP API of FoundationAgents MetaGPT, affecting versions up to and including 0.8.1. It allows unauthenticated remote code execution (RCE) through the '/step' endpoint, which accepts arbitrary JavaScript and runs it with 'eval()' without any authentication or CORS protection. The exposure is widened because the Express.js server binds to all network interfaces by default, so the endpoint is reachable from any origin.
Successful exploitation lets an attacker execute arbitrary code on the victim's machine, for example to run system commands, exfiltrate data, or establish a reverse shell.
To reproduce this vulnerability, start the MetaGPT Mineflayer HTTP server locally on port 3000. An attacker can then host a malicious webpage that sends a POST request to the '/step' endpoint with a payload containing JavaScript code. When a victim running the Mineflayer server visits the malicious page, the injected code is executed on their machine.
Users are advised to update to a version of MetaGPT that addresses this vulnerability once one is released; as of now, no patched version is available.