
9255 matches found

Prion
added 2023/07/13 11:15 p.m., 22 views

Design/Logic Flaw

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested i...

CVSS 4.3, AI score 8.9, EPSS 0.00341
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2023/07/13 11:15 p.m., 20 views

Path traversal

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...

CVSS 4.3, AI score 8.1, EPSS 0.00338
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2023/07/13 10:33 p.m., 16 views

CVE-2023-37274 Python code execution sandbox escape in non-docker version in Auto-GPT

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...

CVSS 7.5, AI score 7.9, EPSS 0.00338
Exploits: 0, References: 2

Cvelist
added 2023/07/13 10:33 p.m., 46 views

CVE-2023-37274 Python code execution sandbox escape in non-docker version in Auto-GPT

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...

CVSS 7.5, AI score 8.4, EPSS 0.00338
Exploits: 0, References: 2

OSV
added 2023/07/13 10:33 p.m., 23 views

CVE-2023-37274 Python code execution sandbox escape in non-docker version in Auto-GPT

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...

CVSS 7.5, AI score 8.2, EPSS 0.00338
Exploits: 0, References: 4

Vulnrichment
added 2023/07/13 10:33 p.m., 19 views

CVE-2023-37273 Docker escape in Auto-GPT when running from docker-compose.yml included in git repo

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested i...

CVSS 8.1, AI score 7.3, EPSS 0.00341
Exploits: 0, References: 2

Cvelist
added 2023/07/13 10:33 p.m., 31 views

CVE-2023-37273 Docker escape in Auto-GPT when running from docker-compose.yml included in git repo

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested i...

CVSS 8.1, AI score 9.2, EPSS 0.00341
Exploits: 0, References: 2

CVE
added 2023/07/13 10:33 p.m., 58 views

CVE-2023-37273

CVE-2023-37273 affects Auto-GPT prior to 0.4.3. The root cause is a docker-compose.yml in the repo root mounted into the container without write protection, allowing malicious Python code via execute_python_file/execute_python_code to overwrite the file and abuse it to gain control of the host on...

CVSS 8.8, AI score 8.7, EPSS 0.00341
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2023/07/13 10:33 p.m., 28 views

CVE-2023-37273 Docker escape in Auto-GPT when running from docker-compose.yml included in git repo

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested i...

CVSS 8.1, AI score 8.8, EPSS 0.00341
Exploits: 0, References: 4

The Hacker News
added 2023/07/13 3:55 p.m., 37 views

TeamTNT's Silentbob Botnet Infecting 196 Hosts in Cloud Attack Campaign

As many as 196 hosts have been infected as part of an aggressive cloud campaign mounted by the TeamTNT group called Silentbob. "The botnet run by TeamTNT has set its sights on Docker and Kubernetes environments, Redis servers, Postgres databases, Hadoop clusters, Tomcat and Nginx servers, Weave...

AI score 7.2
Exploits: 0

CNNVD
added 2023/07/13 12:0 a.m., 2 views

Auto-GPT code injection vulnerability

Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. A code injection vulnerability exists in Auto-GPT versions prior to 0.4.3, which stems from a docker-compose.yml file located in the repository root directory that installs itself into a docker...

CVSS 8.8, AI score 8, EPSS 0.00341
Exploits: 0, References: 3

Positive Technologies
added 2023/07/13 12:0 a.m., 5 views

PT-2023-25876 · Autogpt · Autogpt

Name of the Vulnerable Software and Affected Versions: Auto-GPT versions prior to 0.4.3 Description: The issue arises from the use of a different docker-compose.yml file when running Auto-GPT by cloning the git repo and executing docker compose run auto-gpt in the repo root. This file mounts itse...

CVSS 8.8, AI score 8.9, EPSS 0.00341
Exploits: 0, References: 4

OpenVAS
added 2023/07/12 12:0 a.m., 8 views

Docker HTTP REST API Public WAN (Internet) / Public LAN Accessible without Authentication

The script checks if the target host is exposing the Docker HTTP REST API endpoints to a public WAN Internet / public LAN without authentication. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

AI score 7.2
Exploits: 0, References: 1

IBM Security Bulletins
added 2023/07/11 5:30 p.m., 43 views

Security Bulletin: Multiple operator framework security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary symlink is used by IBM Robotic Process Automation for Cloud Pak as part of the operator framework CVE-2015-3627. Distribution is used by IBM Robotic Process Automation as part of the operator framework CVE-2023-2253. Vulnerability Details CVEID:CVE-2015-3627 DESCRIPTION: A symlink...

CVSS 7.2, AI score 7, EPSS 0.00938
Exploits: 0, Affected Software: 1

Github Security Blog
added 2023/07/06 8:53 p.m., 2481 views

Graylog server has partial path traversal vulnerability in Support Bundle feature

A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Thanks to weiweiwei9811 for reporting this vulnerability and providing detailed information. Impact Graylog's Support Bundle...

CVSS 3.8, AI score 6.5, EPSS 0.00569
Exploits: 1, References: 5, Affected Software: 1

The Hacker News
added 2023/07/06 10:38 a.m., 41 views

Silentbob Campaign: Cloud-Native Environments Under Attack

Cybersecurity researchers have unearthed an attack infrastructure that's being used as part of a "potentially massive campaign" against cloud-native environments. "This infrastructure is in early stages of testing and deployment, and is mainly consistent of an aggressive cloud worm, designed to...

CVSS 9.8, AI score 6.7, EPSS 0.85689
Exploits: 10

The Hacker News
added 2023/07/06 10:38 a.m., 4 views

Silentbob Campaign: Cloud-Native Environments Under Attack

Cybersecurity researchers have unearthed an attack infrastructure that's being used as part of a "potentially massive campaign" against cloud-native environments. "This infrastructure is in early stages of testing and deployment, and is mainly consistent of an aggressive cloud worm, designed to...

AI score 6.7
Exploits: 0

GithubExploit
added 2023/07/04 3:52 p.m., 1174 views

Exploit for Code Injection in Symfony Twig

CVE-2022-23614 Proof of concept PoC for CVE-2022-23614ht...

CVSS 9.8, AI score 9.8, EPSS 0.08276
Exploits: 3

NVD
added 2023/07/03 5:15 p.m., 24 views

CVE-2023-36816

2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross site scripting (XSS) injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3...

CVSS 6.1, AI score 6.3, EPSS 0.00453
Exploits: 1, References: 2

Prion
added 2023/07/03 5:15 p.m., 23 views

Cross site scripting

2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross site scripting (XSS) injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3...

CVSS 5.8, AI score 6.3, EPSS 0.00453
Exploits: 1, References: 2, Affected Software: 1