CVE-2023-37275 System logs spoofable in Auto-GPT via ANSI control sequences

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...

CVE-2023-37275

CVE-2023-37275 affects Auto-GPT prior to v0.4.3, where a malicious external resource could cause the LLM to regurgitate JSON-encoded ANSI escape sequences, which are decoded and printed to the console as part of the model’s thinking process, spoofing system logs. The vulnerability is fixed in rel...