python/packages/autogen-ext/src/autogen_ext/experimental/task_centric_memory/_memory_bank.py (line 82)
python/packages/autogen-ext/src/autogen_ext/experimental/task_centric_memory/_string_similarity_map.py (line 48)
The MemoryBank and StringSimilarityMap classes use Python's pickle module for serialization/deserialization:
python/packages/autogen-ext/src/autogen_ext/tools/mcp/_config.py
python/packages/autogen-ext/src/autogen_ext/tools/mcp/_workbench.py
StdioServerParams allows specifying arbitrary commands and arguments for MCP server connections. When deserializing this config and passing it to stdio_client(), arbitrary commands can be executed:
python/packages/autogen-ext/src/autogen_ext/code_executors/local/__init__.py
The LocalCommandLineCodeExecutor executes code directly on the host system without any sandboxing. The documentation claims sanitization occurs:
python/packages/autogen-core/src/autogen_core/tools/_function_tool.py
The FunctionTool._from_config() method executes arbitrary Python code via exec() when loading a configuration from an untrusted source. While there is a security warning, the design fundamentally allows code execution.
This security research analyzed Microsoft's AutoGen multi-agent framework for vulnerabilities. The analysis identified 8 security findings, including 3 CRITICAL severity issues that could lead to arbitrary code execution.
| // Hook hasOwnProperty to enable the Photo Verification feature | |
| Object.prototype.hasOwnProperty = function(prop) { | |
| if (prop == "selfieVerification") this.selfieVerification = 1; | |
| return Reflect.has(this, prop); | |
| }; | |
| // Open the profile page | |
| document.querySelector('a[href="/app/profile"]').click(); |
| (async function () { | |
| async function fetchAccessToken() { | |
| let r = await fetch('https://open.spotify.com/get_access_token?reason=transport&productType=web_player'); | |
| let j = await r.json(); | |
| return j.accessToken; | |
| } | |
| async function fetchUserId() { | |
| let r = await fetch('https://api.spotify.com/v1/me', { headers: { authorization: `Bearer ${accessToken}` } }); |
| <script> | |
| let movies = ['https://www.imdb.com/title/tt6543652/', 'https://www.imdb.com/title/tt0062622/', 'https://www.imdb.com/title/tt5629340/', 'https://www.imdb.com/title/tt1655424/', 'https://www.imdb.com/title/tt1375666/', 'https://www.imdb.com/title/tt1285016/', 'https://www.imdb.com/title/tt0964517/', 'https://www.imdb.com/title/tt1504320/', 'https://www.imdb.com/title/tt0947798/', 'https://www.imdb.com/title/tt1340107/', 'https://www.imdb.com/title/tt1568346/', 'https://www.imdb.com/title/tt1675434/', 'https://www.imdb.com/title/tt0476643/', 'https://www.imdb.com/title/tt0363226/', 'https://www.imdb.com/title/tt0093779/', 'https://www.imdb.com/title/tt0087544/', 'https://www.imdb.com/title/tt0119698/', 'https://www.imdb.com/title/tt0245429/', 'https://www.imdb.com/title/tt1445520/', 'https://www.imdb.com/title/tt0096283/', 'https://www.imdb.com/title/tt1772925/', 'https://www.imdb.com/title/tt0111161/', 'https://www.imdb.com/title/tt1045670/', 'https://www.imdb.com/title/tt0468569/', 'https://www.imdb |
| if [ ! -f /usr/bin/gcc-8 ]; then | |
| sudo add-apt-repository -y ppa:ubuntu-toolchain-r/test | |
| sudo apt-get update | |
| sudo apt-get install -y gcc-8 g++-8 | |
| sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-8 1000 | |
| sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-8 1000 | |
| fi | |
| if [ ! -f /usr/bin/gcc-8 ]; then |
| version: '3.6' | |
| services: | |
| gotty: | |
| image: pataquets/gotty | |
| command: -w bash | |
| ports: | |
| - 8080 |