CVSS 8.1 HIGH
The severity is HIGH because an agent with access to the run_shell tool can execute arbitrary shell commands; if that tool is enabled without proper sandboxing, the result is unauthorized access or system manipulation. Real-world exploitability is high, since exploitation amounts to getting the agent to run a shell command.

The security advisory describes a potential risk in the AgentExecutor from OnPrem.LLM: if an agent has access to the run_shell tool, it can execute commands outside of its intended sandbox, leading to unauthorized file access or system manipulation. This affects users running in environments that do not properly sandbox execution, particularly those using local models such as llama.cpp.

Affected Systems
  • AgentExecutor from OnPrem.LLM
Affected Versions: All versions before patches are applied
Remediation
  • Ensure that the AgentExecutor is run with 'disable_shell=True' to prevent access to the run_shell tool.
  • Use sandboxing features if available, such as setting 'sandbox=True'.
  • Update to the latest version of PatchPal and OnPrem.LLM to ensure you have the most recent security patches.
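The remediation above comes down to one policy: run_shell must not be reachable unless the shell is explicitly enabled and a sandbox is in place. The following is an added example, not code from OnPrem.LLM or PatchPal; the AgentConfig, audit_config and gate_tools names are hypothetical, and it assumes tools are registered by name so a wrapper can filter them before the agent sees them.

```python
from dataclasses import dataclass
from typing import List

SHELL_TOOL = "run_shell"  # tool named in the advisory


@dataclass
class AgentConfig:
    """Hypothetical mirror of the two settings named in the remediation."""
    disable_shell: bool = True   # advisory recommends disable_shell=True
    sandbox: bool = False        # advisory recommends sandbox=True where available


@dataclass
class Finding:
    severity: str
    message: str


def audit_config(tools: List[str], cfg: AgentConfig) -> List[Finding]:
    """Report the advisory's risky configuration: run_shell reachable without a sandbox."""
    findings: List[Finding] = []
    if SHELL_TOOL in tools and not cfg.disable_shell:
        if not cfg.sandbox:
            findings.append(Finding("HIGH", "run_shell enabled without sandboxing"))
        else:
            findings.append(Finding("MEDIUM", "run_shell enabled; relies on sandbox"))
    return findings


def gate_tools(tools: List[str], cfg: AgentConfig) -> List[str]:
    """Fail closed: keep run_shell only when the shell is explicitly enabled AND sandboxed."""
    shell_allowed = (not cfg.disable_shell) and cfg.sandbox
    return [t for t in tools if t != SHELL_TOOL or shell_allowed]


if __name__ == "__main__":
    # Constructed sample tool set for illustration.
    tools = ["read_file", "search_docs", SHELL_TOOL]
    weak = AgentConfig(disable_shell=False, sandbox=False)
    for f in audit_config(tools, weak):
        print(f"{f.severity}: {f.message}")
    print("tools after gating:", gate_tools(tools, AgentConfig()))
```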
Stack Impact
  • python