
    6 vulnerabilities by arc53

    CVE-2026-26015 (GCVE-0-2026-26015)

    Vulnerability from nvd – Published: 2026-04-29 17:37 – Updated: 2026-05-06 19:43
    VLAI
    Title
    Unauthenticated RCE in DocsGPT MCP STDIO Configuration
    Summary
    DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker with access to either the official DocsGPT website or any local or public deployment can craft a malicious payload that bypasses the "MCP test" behavior to achieve arbitrary remote code execution (RCE). This issue has been patched in version 0.16.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    arc53 DocsGPT Affected: >= 0.15.0, < 0.16.0

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26015",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-30T13:03:22.221448Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-30T13:03:55.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/arc53/DocsGPT/security/advisories/GHSA-gcrq-f296-2j74"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-06T19:43:48.147Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem/"
              },
              {
                "url": "https://www.ox.security/blog/the-mother-of-all-ai-supply-chains-critical-systemic-vulnerability-at-the-core-of-the-mcp/"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DocsGPT",
              "vendor": "arc53",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.15.0, \u003c 0.16.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the \"MCP test\" behavior to achieve arbitrary remote code execution (RCE). This issue has been patched in version 0.16.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-29T17:37:25.524Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/arc53/DocsGPT/security/advisories/GHSA-gcrq-f296-2j74",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/arc53/DocsGPT/security/advisories/GHSA-gcrq-f296-2j74"
            },
            {
              "name": "https://github.com/arc53/DocsGPT/releases/tag/0.16.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/arc53/DocsGPT/releases/tag/0.16.0"
            }
          ],
          "source": {
            "advisory": "GHSA-gcrq-f296-2j74",
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated RCE in DocsGPT MCP STDIO Configuration"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-26015",
        "datePublished": "2026-04-29T17:37:25.524Z",
        "dateReserved": "2026-02-09T21:36:29.554Z",
        "dateUpdated": "2026-05-06T19:43:48.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-0868 (GCVE-0-2025-0868)

    Vulnerability from nvd – Published: 2025-02-20 11:26 – Updated: 2025-10-03 08:56
    VLAI KEVIntel
    Title
    Remote Code Execution in DocsGPT
    Summary
    A vulnerability that could result in Remote Code Execution (RCE) has been found in DocsGPT. Due to improper parsing of JSON data using eval(), an unauthorized attacker could send arbitrary Python code to be executed via the /api/remote endpoint. This issue affects DocsGPT: from 0.8.1 through 0.12.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Arc53 DocsGPT Affected: 0.8.1 , ≤ 0.12.0 (semver)
    Date Public
    2025-02-20 11:00
    Credits
    Eryk Winiarz

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0868",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T14:15:08.297948Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T14:15:43.457Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DocsGPT",
              "repo": "https://github.com/arc53/DocsGPT",
              "vendor": "Arc53",
              "versions": [
                {
                  "lessThanOrEqual": "0.12.0",
                  "status": "affected",
                  "version": "0.8.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Eryk Winiarz"
            }
          ],
          "datePublic": "2025-02-20T11:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint\u003cspan style=\"background-color: var(--wht);\"\u003e..\u003c/span\u003e\u003c/p\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects DocsGPT: from 0.8.1 through 0.12.0.\u003c/span\u003e"
                }
              ],
              "value": "A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint..\n\nThis issue affects DocsGPT: from 0.8.1 through 0.12.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-95",
                  "description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-03T08:56:10.028Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2025/02/CVE-2025-0868/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/posts/2025/02/CVE-2025-0868/"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/arc53/DocsGPT"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Remote Code Execution in DocsGPT",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2025-0868",
        "datePublished": "2025-02-20T11:26:11.784Z",
        "dateReserved": "2025-01-30T08:24:34.707Z",
        "dateUpdated": "2025-10-03T08:56:10.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31451 (GCVE-0-2024-31451)

    Vulnerability from nvd – Published: 2024-04-16 14:28 – Updated: 2024-08-02 01:52
    VLAI
    Title
    Limited file write in routes.py (GHSL-2023-250)
    Summary
    DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable to unauthenticated limited file write in routes.py. This vulnerability is fixed in 0.8.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    arc53 DocsGPT Affected: < 0.8.1
    arc53 docsgpt Affected: 0 , < 0.8.1 (semver)
        cpe:2.3:a:arc53:docsgpt:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:arc53:docsgpt:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "docsgpt",
                "vendor": "arc53",
                "versions": [
                  {
                    "lessThan": "0.8.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31451",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-23T13:26:49.894447Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:36:24.040Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:52:56.966Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/arc53/DocsGPT/security/advisories/GHSA-p5qc-vj2x-9rjp",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/arc53/DocsGPT/security/advisories/GHSA-p5qc-vj2x-9rjp"
              },
              {
                "name": "https://github.com/arc53/DocsGPT/commit/d36f58230a326ecacb9c32a4ae8eac65666044f2",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/arc53/DocsGPT/commit/d36f58230a326ecacb9c32a4ae8eac65666044f2"
              },
              {
                "name": "https://securitylab.github.com/advisories/GHSL-2023-250_DocsGPT",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://securitylab.github.com/advisories/GHSL-2023-250_DocsGPT"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DocsGPT",
              "vendor": "arc53",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable to unauthenticated limited file write in routes.py. This vulnerability is fixed in 0.8.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-19T16:16:04.273Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/arc53/DocsGPT/security/advisories/GHSA-p5qc-vj2x-9rjp",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/arc53/DocsGPT/security/advisories/GHSA-p5qc-vj2x-9rjp"
            },
            {
              "name": "https://github.com/arc53/DocsGPT/commit/d36f58230a326ecacb9c32a4ae8eac65666044f2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/arc53/DocsGPT/commit/d36f58230a326ecacb9c32a4ae8eac65666044f2"
            },
            {
              "name": "https://securitylab.github.com/advisories/GHSL-2023-250_DocsGPT",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://securitylab.github.com/advisories/GHSL-2023-250_DocsGPT"
            }
          ],
          "source": {
            "advisory": "GHSA-p5qc-vj2x-9rjp",
            "discovery": "UNKNOWN"
          },
          "title": "Limited file write in routes.py (GHSL-2023-250)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-31451",
        "datePublished": "2024-04-16T14:28:11.435Z",
        "dateReserved": "2024-04-03T17:55:32.646Z",
        "dateUpdated": "2024-08-02T01:52:56.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-26015 (GCVE-0-2026-26015)

    Vulnerability from cvelistv5 – Published: 2026-04-29 17:37 – Updated: 2026-05-06 19:43
    VLAI
    Title
    Unauthenticated RCE in DocsGPT MCP STDIO Configuration
    Summary
    DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker with access to either the official DocsGPT website or any local or public deployment can craft a malicious payload that bypasses the "MCP test" behavior to achieve arbitrary remote code execution (RCE). This issue has been patched in version 0.16.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    arc53 DocsGPT Affected: >= 0.15.0, < 0.16.0

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26015",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-30T13:03:22.221448Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-30T13:03:55.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/arc53/DocsGPT/security/advisories/GHSA-gcrq-f296-2j74"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-06T19:43:48.147Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem/"
              },
              {
                "url": "https://www.ox.security/blog/the-mother-of-all-ai-supply-chains-critical-systemic-vulnerability-at-the-core-of-the-mcp/"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DocsGPT",
              "vendor": "arc53",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.15.0, \u003c 0.16.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the \"MCP test\" behavior to achieve arbitrary remote code execution (RCE). This issue has been patched in version 0.16.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-29T17:37:25.524Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/arc53/DocsGPT/security/advisories/GHSA-gcrq-f296-2j74",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/arc53/DocsGPT/security/advisories/GHSA-gcrq-f296-2j74"
            },
            {
              "name": "https://github.com/arc53/DocsGPT/releases/tag/0.16.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/arc53/DocsGPT/releases/tag/0.16.0"
            }
          ],
          "source": {
            "advisory": "GHSA-gcrq-f296-2j74",
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated RCE in DocsGPT MCP STDIO Configuration"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-26015",
        "datePublished": "2026-04-29T17:37:25.524Z",
        "dateReserved": "2026-02-09T21:36:29.554Z",
        "dateUpdated": "2026-05-06T19:43:48.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-0868 (GCVE-0-2025-0868)

    Vulnerability from cvelistv5 – Published: 2025-02-20 11:26 – Updated: 2025-10-03 08:56
    VLAI KEVIntel
    Title
    Remote Code Execution in DocsGPT
    Summary
    A vulnerability that could result in Remote Code Execution (RCE) has been found in DocsGPT. Due to improper parsing of JSON data using eval(), an unauthorized attacker could send arbitrary Python code to be executed via the /api/remote endpoint. This issue affects DocsGPT: from 0.8.1 through 0.12.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Arc53 DocsGPT Affected: 0.8.1 , ≤ 0.12.0 (semver)
    Date Public
    2025-02-20 11:00
    Credits
    Eryk Winiarz

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0868",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T14:15:08.297948Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T14:15:43.457Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DocsGPT",
              "repo": "https://github.com/arc53/DocsGPT",
              "vendor": "Arc53",
              "versions": [
                {
                  "lessThanOrEqual": "0.12.0",
                  "status": "affected",
                  "version": "0.8.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Eryk Winiarz"
            }
          ],
          "datePublic": "2025-02-20T11:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint\u003cspan style=\"background-color: var(--wht);\"\u003e..\u003c/span\u003e\u003c/p\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects DocsGPT: from 0.8.1 through 0.12.0.\u003c/span\u003e"
                }
              ],
              "value": "A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint..\n\nThis issue affects DocsGPT: from 0.8.1 through 0.12.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-95",
                  "description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-03T08:56:10.028Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2025/02/CVE-2025-0868/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/posts/2025/02/CVE-2025-0868/"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/arc53/DocsGPT"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Remote Code Execution in DocsGPT",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2025-0868",
        "datePublished": "2025-02-20T11:26:11.784Z",
        "dateReserved": "2025-01-30T08:24:34.707Z",
        "dateUpdated": "2025-10-03T08:56:10.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31451 (GCVE-0-2024-31451)

    Vulnerability from cvelistv5 – Published: 2024-04-16 14:28 – Updated: 2024-08-02 01:52
    VLAI
    Title
    Limited file write in routes.py (GHSL-2023-250)
    Summary
    DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable to unauthenticated limited file write in routes.py. This vulnerability is fixed in 0.8.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    arc53 DocsGPT Affected: < 0.8.1
    arc53 docsgpt Affected: 0 , < 0.8.1 (semver)
        cpe:2.3:a:arc53:docsgpt:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:arc53:docsgpt:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "docsgpt",
                "vendor": "arc53",
                "versions": [
                  {
                    "lessThan": "0.8.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31451",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-23T13:26:49.894447Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:36:24.040Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:52:56.966Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/arc53/DocsGPT/security/advisories/GHSA-p5qc-vj2x-9rjp",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/arc53/DocsGPT/security/advisories/GHSA-p5qc-vj2x-9rjp"
              },
              {
                "name": "https://github.com/arc53/DocsGPT/commit/d36f58230a326ecacb9c32a4ae8eac65666044f2",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/arc53/DocsGPT/commit/d36f58230a326ecacb9c32a4ae8eac65666044f2"
              },
              {
                "name": "https://securitylab.github.com/advisories/GHSL-2023-250_DocsGPT",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://securitylab.github.com/advisories/GHSL-2023-250_DocsGPT"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DocsGPT",
              "vendor": "arc53",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable to unauthenticated limited file write in routes.py. This vulnerability is fixed in 0.8.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-19T16:16:04.273Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/arc53/DocsGPT/security/advisories/GHSA-p5qc-vj2x-9rjp",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/arc53/DocsGPT/security/advisories/GHSA-p5qc-vj2x-9rjp"
            },
            {
              "name": "https://github.com/arc53/DocsGPT/commit/d36f58230a326ecacb9c32a4ae8eac65666044f2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/arc53/DocsGPT/commit/d36f58230a326ecacb9c32a4ae8eac65666044f2"
            },
            {
              "name": "https://securitylab.github.com/advisories/GHSL-2023-250_DocsGPT",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://securitylab.github.com/advisories/GHSL-2023-250_DocsGPT"
            }
          ],
          "source": {
            "advisory": "GHSA-p5qc-vj2x-9rjp",
            "discovery": "UNKNOWN"
          },
          "title": "Limited file write in routes.py (GHSL-2023-250)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-31451",
        "datePublished": "2024-04-16T14:28:11.435Z",
        "dateReserved": "2024-04-03T17:55:32.646Z",
        "dateUpdated": "2024-08-02T01:52:56.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }