Lukas-Eu

**Name of the Vulnerable Software and Affected Versions** MikroORM versions 6.6.9 and earlier MikroORM versions 7.0.5 and earlier **Description** MikroORM is susceptible to SQL injection when processing specially crafted objects as raw SQL query fragments. If user-controlled input is directly passed to MikroORM query construction APIs, an attacker may inject raw SQL fragments, potentially leading to SQL injection depending on the database and query being executed. The issue arises when untrusted objects are used with ORM write APIs, including `wrap(entity).assign(userInput)` followed by `em.flush()`, `em.nativeUpdate()`, `em.nativeInsert()`, and `em.create()` followed by `em.flush()`. Applications that validate input types or enforce strict schema validation before passing data to MikroORM are not affected. The root cause was duck-typed detection of internal ORM marker properties, which the fix replaces with symbol-based markers that cannot be reproduced by user input. **Recommendations** Versions 6.6.9 and earlier should be updated. Versions 7.0.5 and earlier should be updated.

**Name of the Vulnerable Software and Affected Versions** MikroORM versions prior to 6.6.10 MikroORM versions prior to 7.0.6 **Description** A flaw exists in the `Utils.merge` helper within MikroORM that does not prevent the use of special keys like ` proto `, `constructor`, and `prototype` during object merging. This allows attacker-controlled input to potentially modify the JavaScript object prototype. Exploitation requires application code to pass untrusted user input into ORM operations that merge object structures, such as entity property assignment or query condition construction. Prototype pollution may lead to denial of service or unexpected application behavior. In some cases, polluted properties could influence query construction, potentially resulting in SQL injection depending on the application code. **Recommendations** Update to MikroORM version 6.6.10 or later. Update to MikroORM version 7.0.6 or later.

**Name of the Vulnerable Software and Affected Versions** python-ldap versions prior to 3.4.5 **Description** The `ldap.filter.escape filter chars` method in python-ldap can be exploited to bypass character escaping when a crafted `list` or `dict` is provided as the `assertion value` parameter, and `escape mode` is set to 1. This can lead to LDAP injection attacks, potentially allowing unauthorized disclosure or manipulation of LDAP data. The issue occurs because the method does not adequately ensure a fully escaped return value in this specific configuration. The vulnerable method is `ldap.filter.escape filter chars`. **Recommendations** Upgrade to python-ldap version 3.4.5 or later.

**Name of the Vulnerable Software and Affected Versions** Auto-GPT versions prior to 0.4.3 **Description** The issue arises from the use of a different docker-compose.yml file when running Auto-GPT by cloning the git repo and executing `docker compose run auto-gpt` in the repo root. This file mounts itself into the docker container without write protection, allowing malicious custom python code executed via the `execute python file` and `execute python code` commands to overwrite the docker-compose.yml file. This can lead to abuse and gain control of the host system the next time Auto-GPT is started. **Recommendations** For versions prior to 0.4.3, update to version 0.4.3 to resolve the issue. As a temporary workaround, consider disabling the `execute python file` and `execute python code` commands until the update is applied. Restrict access to the docker-compose.yml file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Auto-GPT versions prior to 0.4.3 **Description** The issue allows for a path traversal attack, enabling the overwrite of any .py file outside the workspace directory by specifying a malicious `basename` argument, such as `../../../main.py`. This can be further exploited to achieve arbitrary code execution on the host running Auto-GPT. For example, overwriting `autogpt/main.py` can lead to code execution outside the intended docker sandbox environment when Auto-GPT is restarted. **Recommendations** For versions prior to 0.4.3, update to version 0.4.3 to resolve the issue. As a temporary workaround, consider running Auto-GPT in a virtual machine or an environment where file damage or program corruption is not critical.

**Name of the Vulnerable Software and Affected Versions** Auto-GPT versions prior to 0.4.3 **Description** The issue concerns the Auto-GPT command line UI, which uses color-coded print statements to signify different types of system messages. Before the patch, a malicious external resource could cause misleading messages to be printed to the console by getting the LLM to regurgitate JSON encoded ANSI escape sequences, such as `u001b[`. These escape sequences were JSON decoded and printed to the console as part of the model's "thinking process". **Recommendations** For versions prior to 0.4.3, update to release version 0.4.3 to resolve the issue. As a temporary workaround, consider restricting the use of external resources that may cause misleading messages to be printed to the console until the patch is applied.