Key Information

Vulnerability Title: letta-ai letta >=v0.4.1 Code Injection

Description:
- Letta (formerly MemGPT) is a stateful agent framework with memory, reasoning, and context management capabilities.
- Due to the use of the function, this code is vulnerable to CWE-94 Code Injection.
- The function processes string mappings. When the mapping starts with "Running" and matches a specific regular expression, the function extracts and .
- For certain values, it executes as a Python expression using .
- The issue lies in the fact that attackers can control the mapping input, allowing them to inject malicious Python code into the portion of the string when is called.
- This could lead to unauthorized system access, data leakage, or other security risks.

Source: https://github.com/letta-ai/letta/issues/2613
Submitter: yuewen (UID #12345)
Submission Date: 2023-08-31 13:45
Review Date: 2023-09-10 13:45
Status: [Green Icon]
VulDB Entry: letta-ai letta up to 0 & 1 Tensor(letta/interface.py function_message_function_name/function_args eval injection)
Points: 20
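
The pattern the description outlines, next to a hardened form, as an added example that is not letta's code. The message shape `Running name(args)`, the regular expression, the function names and the sample strings are all assumptions made for illustration.

```python
import ast
import re

# Assumed message shape, modelled on the description: "Running name(args)".
# The pattern and every name below are illustrative, not taken from letta.
RUNNING_RE = re.compile(r"Running (\w+)\((.*)\)", re.DOTALL)

# Constructed sample inputs.
BENIGN = "Running send_message({'message': 'hi'})"
# Harmless probe: a call expression, so the result shows whether code ran.
PROBE = "Running send_message({'message': str(6 * 7)})"


def parse_unsafe(msg):
    """The 'before' pattern: the args substring is evaluated as Python."""
    m = RUNNING_RE.fullmatch(msg)
    if m is None:
        return None
    name, args = m.group(1), m.group(2)
    return name, eval(args)  # CWE-94: any expression inside args is executed


def parse_safe(msg):
    """Hardened form: accept only a literal dict, never execute anything."""
    m = RUNNING_RE.fullmatch(msg)
    if m is None:
        return None
    name, args = m.group(1), m.group(2)
    try:
        # literal_eval builds constants and containers only; calls,
        # attribute access and names are rejected before evaluation.
        value = ast.literal_eval(args)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        raise ValueError(f"non-literal arguments for {name!r}") from None
    if not isinstance(value, dict):
        raise ValueError(f"arguments for {name!r} must be a dict")
    return name, value


if __name__ == "__main__":
    print(parse_safe(BENIGN))    # parsed as data
    print(parse_unsafe(PROBE))   # the embedded expression was executed
    try:
        parse_safe(PROBE)
    except ValueError as exc:
        print("rejected:", exc)
```

Where the arguments are produced by the framework itself, emitting them as JSON and reading them back with `json.loads` removes the need to parse Python syntax at all.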