CVE Details
Basic Information
| Title | TransformerOptimus SuperAGI EmailToolKit read_email.py download_attachment path traversal |
|---|---|
| Type | cve |
| Published | 2025-06-19T21:27:45.359Z |
| Last Seen |
Product Information
| Vendor | TransformerOptimus |
|---|---|
| Product | SuperAGI |
| Version | 0.0.1 |
CVSS Information
| Base Score | 5.1 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A path traversal vulnerability in the download_attachment function of SuperAGI’s EmailToolKit allows attackers to write files outside the intended directory, potentially leading to arbitrary code execution. |
|---|---|
| AI Severity | Medium |
| Vendor | TransformerOptimus |
| Product | SuperAGI |
| Affected Version | 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 0.0.9, 0.0.10, 0.0.11, 0.0.12, 0.0.13, 0.0.14 |
Affected Products
- TransformerOptimus SuperAGI 0.0.1
- TransformerOptimus SuperAGI 0.0.2
- TransformerOptimus SuperAGI 0.0.3
- TransformerOptimus SuperAGI 0.0.4
- TransformerOptimus SuperAGI 0.0.5
- TransformerOptimus SuperAGI 0.0.6
- TransformerOptimus SuperAGI 0.0.7
- TransformerOptimus SuperAGI 0.0.8
- TransformerOptimus SuperAGI 0.0.9
- TransformerOptimus SuperAGI 0.0.10
- TransformerOptimus SuperAGI 0.0.11
- TransformerOptimus SuperAGI 0.0.12
- TransformerOptimus SuperAGI 0.0.13
- TransformerOptimus SuperAGI 0.0.14
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-22 |
| Bulletin Family |
References
Description
A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used.