Impact
A security vulnerability was discovered in the chatgpt-on-wechat project's tool plugin system. The vulnerability allows attackers to execute arbitrary Python code and system commands through the tool plugin's Python and terminal components, which were enabled by default in the configuration template.
Vulnerability Details
- Affected Component: Tool plugin system (Python and terminal tools)
- Attack Vector: Malicious input sent through the supported chat channels
- Impact: Unauthorized code execution, environment variable disclosure, potential data exfiltration
Root Cause
The vulnerability stems from the default enablement of Python and terminal tools in the tool plugin configuration template, allowing unrestricted code execution without proper authorization checks.
Immediate Actions
- Upgrade to version 1.7.0 or later - The default configuration has been updated to disable the Python and terminal tools by default.
- Manual Configuration Review - If upgrading is not immediately possible, manually review and disable the Python and terminal tools in your configuration:
  - Remove or comment out Python and terminal tool configurations
  - Implement proper access controls if these tools are required
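To support the manual configuration review above, here is an added audit script (example code written for this advisory, not part of the chatgpt-on-wechat project). It assumes the tool plugin config is a JSON object with a "tools" list naming the enabled tools, and that the code-execution tools are named "python" and "terminal"; the sample config is constructed.

```python
import json
from pathlib import Path

# Tool names that execute code or shell commands in the tool plugin.
# The advisory names Python and terminal; the exact strings and the
# "tools" list layout are assumptions about the config format.
DANGEROUS_TOOLS = {"python", "terminal"}


def _norm(name: object) -> str:
    """Normalise a tool name so 'Python ' or 'TERMINAL' still match."""
    return str(name).strip().lower()


def find_enabled_dangerous_tools(config: dict) -> list[str]:
    """Return the code-execution tools this config enables (normalised)."""
    tools = config.get("tools", [])
    if not isinstance(tools, list):
        raise ValueError('"tools" must be a list of tool names')
    return sorted({_norm(t) for t in tools if _norm(t) in DANGEROUS_TOOLS})


def harden(config: dict) -> dict:
    """Return a copy of the config with the code-execution tools removed."""
    hardened = dict(config)
    hardened["tools"] = [
        t for t in config.get("tools", []) if _norm(t) not in DANGEROUS_TOOLS
    ]
    return hardened


def audit_file(path: Path, write_back: bool = False) -> list[str]:
    """Audit a config file on disk and optionally rewrite it hardened."""
    config = json.loads(path.read_text(encoding="utf-8"))
    enabled = find_enabled_dangerous_tools(config)
    if enabled and write_back:
        path.write_text(json.dumps(harden(config), indent=4), encoding="utf-8")
    return enabled


# Constructed sample (not the project's real template): a pre-1.7.0 style
# tool plugin config with the risky tools still turned on.
SAMPLE_CONFIG = {
    "tools": ["python", "url-get", "terminal", "meteo-weather"],
    "kwargs": {"debug": True, "request_timeout": 120, "no_default": False},
}

if __name__ == "__main__":
    print("enabled code-execution tools:", find_enabled_dangerous_tools(SAMPLE_CONFIG))
    print("hardened tools list:", harden(SAMPLE_CONFIG)["tools"])
```

Run `audit_file(Path("plugins/tool/config.json"), write_back=True)` against a deployment's actual config path to strip the tools in place; an empty result means neither tool is enabled.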
Long-term Recommendations
- Regularly review plugin configurations
- Implement proper authorization checks for sensitive operations
- Consider running tools in sandboxed environments
- Monitor for suspicious activity in logs
References
Credits
This vulnerability was responsibly disclosed by:
We thank them for their responsible disclosure and for helping improve the security of this project.