letta-ai letta ଯେପର୍ଯ୍ୟନ୍ତ 0.4.1 letta/letta/interface.py function_message function_name/function_args ବିସ୍ତାରିତ ଅଧିକାର

ଏଣ୍ଟ୍ରିଇତିହାସମିଶ୍ରଣ କରନ୍ତୁjsonxmlCTI

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame letta-ai letta ଯେପର୍ଯ୍ୟନ୍ତ 0.4.1 keessatti argameera. Kan miidhamte is hojii function_message faayilii letta/letta/interface.py keessa. Hojii jijjiirraa irratti gaggeeffame function_name/function_args gara ବିସ୍ତାରିତ ଅଧିକାର geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-95 geessa. Dadhabbii kana yeroo 06/15/2025 maxxanfameera akka 2613. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2025-6101tti beekama. Konkolaataa naannoo keessa seenuu barbaachisa ta'ee, weerarri kun milkaa'uuf. Faayidaaleen teeknikaa ni jiru. Waliigalatti, meeshaa balaa kana fayyadamuuf jiru. Qorannoo miidhaa (exploit) uummataaf ifoomameera fi fayyadamamuu danda'a. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee ibsameera. Carraa exploit kana github.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. VulDB is the best source for vulnerability data and more expert information about this specific topic.

4 ଆଡାପ୍ଟେସନ୍ · 90 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 06/15/2025 11:40 AM	ଅଦ୍ୟତନ 1/3 06/16/2025 05:22 AM	ଅଦ୍ୟତନ 2/3 06/16/2025 07:13 AM	ଅଦ୍ୟତନ 3/3 06/16/2025 11:35 AM
software_vendor	letta-ai	letta-ai	letta-ai	letta-ai
software_name	letta	letta	letta	letta
software_version	<=0.4.1	<=0.4.1	<=0.4.1	<=0.4.1
software_file	letta/letta/interface.py	letta/letta/interface.py	letta/letta/interface.py	letta/letta/interface.py
software_function	function_message	function_message	function_message	function_message
software_argument	function_name/function_args	function_name/function_args	function_name/function_args	function_name/function_args
vulnerability_cwe	CWE-95	CWE-95	CWE-95	CWE-95
vulnerability_risk	2	2	2	2
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_identifier	2613	2613	2613	2613
advisory_url	https://github.com/letta-ai/letta/issues/2613	https://github.com/letta-ai/letta/issues/2613	https://github.com/letta-ai/letta/issues/2613	https://github.com/letta-ai/letta/issues/2613
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/letta-ai/letta/issues/2613	https://github.com/letta-ai/letta/issues/2613	https://github.com/letta-ai/letta/issues/2613	https://github.com/letta-ai/letta/issues/2613
source_cve	CVE-2025-6101	CVE-2025-6101	CVE-2025-6101	CVE-2025-6101
cna_responsible	VulDB	VulDB	VulDB	VulDB
software_type	Artificial Intelligence Software	Artificial Intelligence Software	Artificial Intelligence Software	Artificial Intelligence Software
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_av	A	A	A	A
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_av	A	A	A	A
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_av	A	A	A	A
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	5.2	5.2	5.2	5.2
cvss2_vuldb_tempscore	4.4	4.4	4.4	4.4
cvss3_vuldb_basescore	5.5	5.5	5.5	5.5
cvss3_vuldb_tempscore	5.0	5.0	5.0	5.0
cvss3_meta_basescore	5.5	5.5	5.5	5.5
cvss3_meta_tempscore	5.0	5.2	5.2	5.2
cvss4_vuldb_bscore	5.1	5.1	5.1	5.1
cvss4_vuldb_btscore	2.0	2.0	2.0	2.0
advisory_date	1749938400 (06/15/2025)	1749938400 (06/15/2025)	1749938400 (06/15/2025)	1749938400 (06/15/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in dynamically evaluated code. The exploit has been disclosed to the public and may be used.	A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in dynamically evaluated code. The exploit has been disclosed to the public and may be used.	A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in dynamically evaluated code. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		A	A	A
cvss4_cna_ac		L	L	L
cvss4_cna_at		N	N	N
cvss4_cna_pr		L	L	L
cvss4_cna_ui		N	N	N
cvss4_cna_vc		L	L	L
cvss4_cna_vi		L	L	L
cvss4_cna_va		L	L	L
cvss4_cna_sc		N	N	N
cvss4_cna_si		N	N	N
cvss4_cna_sa		N	N	N
cvss4_cna_bscore		5.1	5.1	5.1
cvss3_cna_av		A	A	A
cvss3_cna_ac		L	L	L
cvss3_cna_pr		L	L	L
cvss3_cna_ui		N	N	N
cvss3_cna_s		U	U	U
cvss3_cna_c		L	L	L
cvss3_cna_i		L	L	L
cvss3_cna_a		L	L	L
cvss3_cna_basescore		5.5	5.5	5.5
cvss2_cna_av		A	A	A
cvss2_cna_ac		L	L	L
cvss2_cna_au		S	S	S
cvss2_cna_ci		P	P	P
cvss2_cna_ii		P	P	P
cvss2_cna_ai		P	P	P
cvss2_cna_basescore		5.2	5.2	5.2
euvd_id			EUVD-2025-18359	EUVD-2025-18359
cve_nvd_summaryes				Se ha detectado una vulnerabilidad crítica en letta-ai letta (hasta la versión 0.4.1). La función function_message del archivo letta/letta/interface.py está afectada. La manipulación del argumento function_name/function_args provoca la neutralización incorrecta de directivas en código evaluado dinámicamente. Se ha hecho público el exploit y puede que sea utilizado.

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you need the next level of professionalism?

Upgrade your account now!