CVE-2025-4767 | defog-ai introspect up to 0.1.4 Test Endpoint integration_routes.py test_custom_tool input_model code injection (Issue 496)

Inserito da Angelo Barbosa | Mag 15, 2025 | CVE

A vulnerability was found in defog-ai introspect up to 0.1.4. It has been rated as critical. Affected by this issue is the function test_custom_tool of the file introspect/backend/integration_routes.py of the component Test Endpoint. The manipulation of the argument input_model leads to code injection.

This vulnerability is handled as CVE-2025-4767. Attacking locally is a requirement. Furthermore, there is an exploit available.

CVE-2025-4767 | defog-ai introspect up to 0.1.4 Test Endpoint integration_routes.py test_custom_tool input_model code injection (Issue 496)

Post correlati

CVE-2024-11032 | Parsi Date Plugin up to 5.1.1 on WordPress add_query_arg cross site scripting

CVE-2024-49770 | oak up to 17.1.2 API Context.send path traversal

CVE-2023-50901 | HasThemes HT Mega Plugin up to 2.3.8 on WordPress cross site scripting

CVE-2021-47007 | Linux Kernel up to 5.10.37/5.11.21/5.12.4 segment.c f2fs_resize_fs allocation of resources