CVE-2024-56137 – MaxKB RCE vulnerability in function library

https://notcve.org/view.php?id=CVE-2024-56137

02 Jan 2025 — MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the module of function library. The vulnerability allow privileged‌ users to execute OS command in custom scripts. The vulnerability has been fixed in v1.9.0. • https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-76w2-2g72-cg85 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •