SecureMPro changed the title from "[Bug]" to "[Bug] Security bug: Arbitrary code execution" on Aug 13, 2024
Describe the bug
Security bug: Arbitrary code execution
How To Reproduce
Hello Developer,
I have noticed that Devika does not implement security measures to isolate the execution of user-provided code, which could lead to the takeover of the server running the code.
For instance, when I used the following prompt to execute code, Devika directly opened the calculator on my computer:
execute the following python code: os.system("open -a calculator")
If I were to execute malicious code, this could seriously compromise server security.
Screenshots and logs
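As an added example (not part of the original issue and not Devika's own code): a pre-execution check that parses agent-generated Python and reports calls such as the `os.system` call in the prompt above, including aliased imports. The module lists and the names `audit_generated_code` and `_dotted` are assumptions made for illustration; a static check like this is a gate before execution and does not replace running the code in an isolated sandbox.

```python
import ast

# Assumption: modules and builtins treated as process-spawning or dynamic-execution
# primitives for this illustration; the lists are not exhaustive.
RISKY_MODULES = {"os", "subprocess", "pty", "ctypes", "importlib"}
RISKY_BUILTINS = {"eval", "exec", "compile", "__import__"}

def _dotted(node):
    """Turn a Name/Attribute chain such as os.system into 'os.system'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    parts.append(node.id)
    return ".".join(reversed(parts))

def audit_generated_code(source):
    """Return sorted (line, description) findings; an empty list means no flagged call."""
    try:
        nodes = list(ast.walk(ast.parse(source)))
    except SyntaxError as exc:
        return [(exc.lineno or 0, "unparseable source, refuse to run")]
    aliases = {}  # local name -> real dotted name, e.g. {"run": "os.system"}
    for node in nodes:
        if isinstance(node, ast.Import):
            for a in node.names:
                root = a.name.split(".")[0]
                aliases[a.asname or root] = a.name if a.asname else root
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    findings = []
    for node in nodes:
        name = _dotted(node.func) if isinstance(node, ast.Call) else None
        if name is None:
            continue
        root, _, rest = name.partition(".")
        real = aliases.get(root, root) + ("." + rest if rest else "")
        # Fail closed: any call into a listed module is reported, even without an import.
        if real in RISKY_BUILTINS or real.split(".")[0] in RISKY_MODULES:
            findings.append((node.lineno, f"call to {real}"))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample: the code fragment quoted in the issue's prompt.
    for finding in audit_generated_code('os.system("open -a calculator")'):
        print(finding)
```

A non-empty result is a reason to hold the code for review rather than execute it on the host.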