Lucene search
K

45 matches found

Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.5 views

PT-2025-12320 · Autogpt +1 · Autogpt +1

Name of the Vulnerable Software and Affected Versions: AutoGPT versions 0.3.4 and earlier Description: AutoGPT versions 0.3.4 and earlier are susceptible to a Server-Side Template Injection SSTI that could lead to Remote Code Execution RCE. This issue stems from the inadequate handling of...

8.8CVSS9.3AI score0.01522EPSS
Exploits1References9
CNNVD
CNNVD
added 2024/09/11 12:0 a.m.6 views

Significant AutoGPT 操作系统命令注入漏洞

Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. Significant AutoGPT version 0.5.1 suffers from an operating system command injection vulnerability that originates from allowing an attacker to bypass shell command denial list settings...

9.8CVSS9.6AI score0.00812EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.7 views

Auto-GPT Operating System Command Injection Vulnerability

Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. An operating system command injection vulnerability exists in Auto-GPT version 0.5.0 up to and including version 5.1.0, which stems from an improper neutralization of special elements used in...

9.8CVSS8.1AI score0.01427EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.5 views

Auto-GPT Operating System Command Injection Vulnerability

Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. An operating system command injection vulnerability exists in Auto-GPT version 0.5.0 and earlier, which stems from an improper neutralization of special elements used in operating system commands,...

7.8CVSS8.1AI score0.01017EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.5 views

Auto-GPT Cross-Site Request Forgery Vulnerability

Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. Auto-GPT version 0.5.0 suffers from a cross-site request forgery vulnerability that stems from an unprotected API endpoint that receives commands, which allows an attacker to execute arbitrary...

8.8CVSS7.5AI score0.0052EPSS
Exploits1References4
NVD
NVD
added 2023/07/13 11:15 p.m.49 views

CVE-2023-37274

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...

7.8CVSS0.00338EPSS
Exploits0References2
NVD
NVD
added 2023/07/13 11:15 p.m.32 views

CVE-2023-37273

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested i...

8.8CVSS0.00341EPSS
Exploits0References2
Prion
Prion
added 2023/07/13 11:15 p.m.22 views

Design/Logic Flaw

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested i...

4.3CVSS8.9AI score0.00341EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/07/13 11:15 p.m.16 views

Command injection

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...

4.3CVSS4.9AI score0.00381EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/07/13 10:34 p.m.49 views

CVE-2023-37275 System logs spoofable in Auto-GPT via ANSI control sequences

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...

3.1CVSS5.2AI score0.00381EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/07/13 10:34 p.m.13 views

CVE-2023-37275 System logs spoofable in Auto-GPT via ANSI control sequences

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...

3.1CVSS7.4AI score0.00381EPSS
Exploits0References2
CVE
CVE
added 2023/07/13 10:34 p.m.73 views

CVE-2023-37275

CVE-2023-37275 affects Auto-GPT prior to v0.4.3, where a malicious external resource could cause the LLM to regurgitate JSON-encoded ANSI escape sequences, which are decoded and printed to the console as part of the model’s thinking process, spoofing system logs. The vulnerability is fixed in rel...

4.3CVSS4.6AI score0.00381EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/07/13 10:34 p.m.28 views

CVE-2023-37275 System logs spoofable in Auto-GPT via ANSI control sequences

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...

3.1CVSS5AI score0.00381EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/07/13 10:33 p.m.51 views

CVE-2023-37274 Python code execution sandbox escape in non-docker version in Auto-GPT

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...

7.5CVSS8.4AI score0.00338EPSS
Exploits0References2
CVE
CVE
added 2023/07/13 10:33 p.m.55 views

CVE-2023-37274

CVE-2023-37274 affects Auto-GPT prior to 0.4.3. The bug arises in execute_python_code where the basename argument is not sanitized before writing LLM-supplied code to a file, enabling path traversal to overwrite .py files outside the Auto-GPT workspace (e.g., ../../../main.py). This can lead to a...

7.8CVSS8.1AI score0.00338EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/13 10:33 p.m.16 views

CVE-2023-37274 Python code execution sandbox escape in non-docker version in Auto-GPT

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...

7.5CVSS7.9AI score0.00338EPSS
Exploits0References2
OSV
OSV
added 2023/07/13 10:33 p.m.25 views

CVE-2023-37274 Python code execution sandbox escape in non-docker version in Auto-GPT

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...

7.5CVSS8.2AI score0.00338EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/07/13 10:33 p.m.19 views

CVE-2023-37273 Docker escape in Auto-GPT when running from docker-compose.yml included in git repo

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested i...

8.1CVSS7.3AI score0.00341EPSS
Exploits0References2
CVE
CVE
added 2023/07/13 10:33 p.m.59 views

CVE-2023-37273

CVE-2023-37273 affects Auto-GPT prior to 0.4.3. The root cause is a docker-compose.yml in the repo root mounted into the container without write protection, allowing malicious Python code via execute_python_file/execute_python_code to overwrite the file and abuse it to gain control of the host on...

8.8CVSS8.7AI score0.00341EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/07/13 10:33 p.m.41 views

CVE-2023-37273 Docker escape in Auto-GPT when running from docker-compose.yml included in git repo

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested i...

8.1CVSS9.2AI score0.00341EPSS
Exploits0References2
Rows per page
Query Builder