45 matches found
PT-2025-12320 · Autogpt +1 · Autogpt +1
Name of the Vulnerable Software and Affected Versions: AutoGPT versions 0.3.4 and earlier Description: AutoGPT versions 0.3.4 and earlier are susceptible to a Server-Side Template Injection SSTI that could lead to Remote Code Execution RCE. This issue stems from the inadequate handling of...
Significant AutoGPT 操作系统命令注入漏洞
Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. Significant AutoGPT version 0.5.1 suffers from an operating system command injection vulnerability that originates from allowing an attacker to bypass shell command denial list settings...
Auto-GPT Operating System Command Injection Vulnerability
Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. An operating system command injection vulnerability exists in Auto-GPT version 0.5.0 up to and including version 5.1.0, which stems from an improper neutralization of special elements used in...
Auto-GPT Operating System Command Injection Vulnerability
Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. An operating system command injection vulnerability exists in Auto-GPT version 0.5.0 and earlier, which stems from an improper neutralization of special elements used in operating system commands,...
Auto-GPT Cross-Site Request Forgery Vulnerability
Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. Auto-GPT version 0.5.0 suffers from a cross-site request forgery vulnerability that stems from an unprotected API endpoint that receives commands, which allows an attacker to execute arbitrary...
CVE-2023-37274
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...
CVE-2023-37273
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested i...
Design/Logic Flaw
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested i...
Command injection
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...
CVE-2023-37275 System logs spoofable in Auto-GPT via ANSI control sequences
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...
CVE-2023-37275 System logs spoofable in Auto-GPT via ANSI control sequences
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...
CVE-2023-37275
CVE-2023-37275 affects Auto-GPT prior to v0.4.3, where a malicious external resource could cause the LLM to regurgitate JSON-encoded ANSI escape sequences, which are decoded and printed to the console as part of the model’s thinking process, spoofing system logs. The vulnerability is fixed in rel...
CVE-2023-37275 System logs spoofable in Auto-GPT via ANSI control sequences
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...
CVE-2023-37274 Python code execution sandbox escape in non-docker version in Auto-GPT
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...
CVE-2023-37274
CVE-2023-37274 affects Auto-GPT prior to 0.4.3. The bug arises in execute_python_code where the basename argument is not sanitized before writing LLM-supplied code to a file, enabling path traversal to overwrite .py files outside the Auto-GPT workspace (e.g., ../../../main.py). This can lead to a...
CVE-2023-37274 Python code execution sandbox escape in non-docker version in Auto-GPT
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...
CVE-2023-37274 Python code execution sandbox escape in non-docker version in Auto-GPT
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...
CVE-2023-37273 Docker escape in Auto-GPT when running from docker-compose.yml included in git repo
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested i...
CVE-2023-37273
CVE-2023-37273 affects Auto-GPT prior to 0.4.3. The root cause is a docker-compose.yml in the repo root mounted into the container without write protection, allowing malicious Python code via execute_python_file/execute_python_code to overwrite the file and abuse it to gain control of the host on...
CVE-2023-37273 Docker escape in Auto-GPT when running from docker-compose.yml included in git repo
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested i...