FoundationAgents MetaGPT Code Injection Vulnerability in Tree-of-Thought Solver

A code injection vulnerability has been identified in FoundationAgents MetaGPT versions through 0.8.1. The issue resides in the Tree-of-Thought (ToT) solver, specifically within the 'generate_thoughts' function of 'metagpt/strategy/tot.py'. This vulnerability allows for remote code execution (RCE) by using Python's 'eval()' function to process unvalidated responses from the language model (LLM). An attacker can manipulate the LLM's output through prompt injection, leading to the execution of arbitrary code on the machine running MetaGPT.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Reproduction

To reproduce this vulnerability, inject a prompt that influences the LLM to include Python code in its response, such as a command to be executed on the system. The ToT solver will extract this code and execute it via 'eval()', resulting in the execution of the injected command.

Remediation

The vulnerability has been patched in the official repository by replacing 'eval()' with 'json.loads()' to safely parse JSON data. Users should update to the latest version of MetaGPT.