Autogpt Classic
CVE-2023-37275
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to review and control which commands should be executed. Before v0.4.3, it was possible for a malicious external resource (such as a website browsed by Auto-GPT) to cause misleading messages to be printed to the console by getting the LLM to regurgitate JSON encoded ANSI escape sequences (\u001b[). These escape sequences were JSON decoded and printed to the console as part of the model's "thinking process". The issue has been patched in release version 0.4.3.
AnalysisAI
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-117. Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to review and control which commands should be executed. Before v0.4.3, it was possible for a malicious external resource (such as a website browsed by Auto-GPT) to cause misleading messages to be printed to the console by getting the LLM to regurgitate JSON encoded ANSI escape sequences (\u001b[). These escape sequences were JSON decoded and printed to the console as part of the model's "thinking process". The issue has been patched in release version 0.4.3. Affected products include: Agpt Autogpt Classic. Version information: version 0.4.3..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Autogpt Classic
View allA command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. Rated cri
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist s
A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to exe
An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/auto
AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements us
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Rated high
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Rated high
Same weakness CWE-117 – Improper Output Neutralization for Logs
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today