PT-2023-25878 · Autogpt · Autogpt

Lukas-Eu · Published 2023-07-13 · Updated 2023-07-27 · CVE-2023-37275

CVSS v3.1: 3.1 (Low)

Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Auto-GPT versions prior to 0.4.3

Description

The issue concerns the Auto-GPT command line UI, which uses color-coded print statements to signify different types of system messages. Before the patch, a malicious external resource could cause misleading messages to be printed to the console by getting the LLM to regurgitate JSON-encoded ANSI escape sequences, such as \u001b[. These escape sequences were JSON-decoded and printed to the console as part of the model's "thinking process".

Recommendations

For versions prior to 0.4.3, update to release version 0.4.3 to resolve the issue. As a temporary workaround, consider restricting the use of external resources that may cause misleading messages to be printed to the console until the patch is applied.
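
Why the escape character only appears after JSON decoding, and one way to neutralize it before printing, shown as an added example (this is not Auto-GPT's code or its 0.4.3 patch). The helper `sanitize_for_console`, the `decode_thoughts` function and the sample reply are constructed for illustration.

```python
import json
import re

# Terminal control sequences that start with ESC (0x1b).
ANSI_ESCAPE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"               # CSI: colors, cursor movement, erase
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"    # OSC: window title, hyperlinks
    r"|\x1b[@-Z\\-_]"                        # remaining two-character escapes
)
# Leftover C0/C1 control characters; tab and newline are kept, while
# carriage return is dropped because it can overwrite the current line.
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")


def sanitize_for_console(text: str) -> str:
    """Strip terminal control sequences from untrusted text before printing."""
    text = ANSI_ESCAPE.sub("", text)
    return CONTROL_CHARS.sub("", text)


# Constructed sample: content from an external resource echoed by the model
# into its JSON reply. On the wire the ESC byte is just the six ASCII
# characters \u001b, so a filter applied before json.loads() sees nothing.
RAW_REPLY = (
    '{"thoughts": {"text": "Summarizing page. '
    '\\u001b[32mSYSTEM: \\u001b[0mtask approved by user"}}'
)


def decode_thoughts(raw: str) -> str:
    """JSON-decode the reply; this is the step that materializes ESC bytes."""
    return json.loads(raw)["thoughts"]["text"]


if __name__ == "__main__":
    decoded = decode_thoughts(RAW_REPLY)
    print(repr(decoded))                  # escape sequences now present
    print(sanitize_for_console(decoded))  # plain text, no color change
```

The sanitizer has to run on the decoded string, immediately before output, because the raw reply contains no control bytes to match.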


Related identifiers

CVE-2023-37275
GHSA-R7F7-QRRV-3FJH

Affected products

Autogpt