PT-2023-25878 · Autogpt · Autogpt
Lukas-Eu · Published 2023-07-13 · Updated 2023-07-27 · CVE-2023-37275
CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Auto-GPT versions prior to 0.4.3
Description
The issue concerns the Auto-GPT command line UI, which uses color-coded print statements to signify different types of system messages. Before the patch, a malicious external resource could cause misleading messages to be printed to the console by getting the LLM to regurgitate JSON-encoded ANSI escape sequences, such as \u001b[. These escape sequences were JSON-decoded and printed to the console as part of the model's "thinking process".
Recommendations
For versions prior to 0.4.3, update to release version 0.4.3 to resolve the issue. As a temporary workaround, consider restricting the use of external resources that may cause misleading messages to be printed to the console until the patch is applied.
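The decode-then-print path from the description, with a sanitizing step before output. This is an added example, not Auto-GPT's code or its 0.4.3 patch; the reply shape, the function names and the sample reply are assumptions constructed for illustration.

```python
import json
import re

# Terminal escape sequences, removed together with their parameters.
_ANSI_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"               # CSI: colors, cursor moves, line erase
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"    # OSC (terminated): window title, links
    r"|\x1b[@-Z\\-_]"                        # remaining two-character escapes
)
# Any other C0/C1 control character except tab and newline. This also
# drops carriage return, which can overwrite text already on the line.
_CTRL_RE = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")


def sanitize_for_terminal(text: str) -> str:
    """Return text that cannot change color, move the cursor or erase output."""
    return _CTRL_RE.sub("", _ANSI_RE.sub("", text))


def render_thoughts(raw_model_json: str) -> str:
    """Decode a model reply (assumed shape) and build the console line."""
    # json.loads turns the six characters \u001b into one ESC byte, which is
    # why checking the raw reply for ESC before decoding finds nothing.
    thoughts = json.loads(raw_model_json)["thoughts"]["text"]
    return "THOUGHTS: " + sanitize_for_terminal(thoughts)


# Constructed reply: text taken from an external page that erases the current
# line, returns to column 0 and prints a green, system-looking message.
SAMPLE_REPLY = (
    r'{"thoughts": {"text": "Reading page.'
    r'\u001b[2K\r\u001b[32mSYSTEM: \u001b[0mCommand authorized"}}'
)

if __name__ == "__main__":
    decoded = json.loads(SAMPLE_REPLY)["thoughts"]["text"]
    print(repr(decoded))                  # shows the ESC bytes after decoding
    print(render_thoughts(SAMPLE_REPLY))  # one uncolored line, prefix intact
```

After sanitizing, the injected words still appear, but on the same line and behind the same prefix as the rest of the model's text, so they cannot pass as a separate color-coded system message.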
Affected Products
Autogpt