OpenCVE

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to review and control which commands should be executed. Before v0.4.3, it was possible for a malicious external resource (such as a website browsed by Auto-GPT) to cause misleading messages to be printed to the console by getting the LLM to regurgitate JSON encoded ANSI escape sequences (`\u001b[`). These escape sequences were JSON decoded and printed to the console as part of the model's "thinking process". The issue has been patched in release version 0.4.3.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Agpt	Auto-gpt

Configuration 1 [-]

cpe:2.3:a:agpt:auto-gpt:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/Significant-Gravitas/Auto-GPT/pull/4810
https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-r7f7-qrrv-3fjh

History

Tue, 22 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-07-13T22:34:45.809Z

Updated: 2024-10-22T14:52:38.684Z

Reserved: 2023-06-29T19:35:26.440Z

Link: CVE-2023-37275

Vulnrichment

Updated: 2024-08-02T17:09:33.632Z

NVD

Status : Modified

Published: 2023-07-13T23:15:10.890

Modified: 2024-11-21T08:11:22.443

Link: CVE-2023-37275

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-37275", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-06-29T19:35:26.440Z", "datePublished": "2023-07-13T22:34:45.809Z", "dateUpdated": "2024-10-22T14:52:38.684Z"}, "containers": {"cna": {"title": "System logs spoofable in Auto-GPT via ANSI control sequences", "problemTypes": [{"descriptions": [{"cweId": "CWE-117", "lang": "en", "description": "CWE-117: Improper Output Neutralization for Logs", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-r7f7-qrrv-3fjh", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-r7f7-qrrv-3fjh"}, {"name": "https://github.com/Significant-Gravitas/Auto-GPT/pull/4810", "tags": ["x_refsource_MISC"], "url": "https://github.com/Significant-Gravitas/Auto-GPT/pull/4810"}], "affected": [{"vendor": "Significant-Gravitas", "product": "Auto-GPT", "versions": [{"version": "< 0.4.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-13T22:34:45.809Z"}, "descriptions": [{"lang": "en", "value": "Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to review and control which commands should be executed. Before v0.4.3, it was possible for a malicious external resource (such as a website browsed by Auto-GPT) to cause misleading messages to be printed to the console by getting the LLM to regurgitate JSON encoded ANSI escape sequences (`\\u001b[`). These escape sequences were JSON decoded and printed to the console as part of the model's \"thinking process\". The issue has been patched in release version 0.4.3.\n"}], "source": {"advisory": "GHSA-r7f7-qrrv-3fjh", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:09:33.632Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-r7f7-qrrv-3fjh", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-r7f7-qrrv-3fjh"}, {"name": "https://github.com/Significant-Gravitas/Auto-GPT/pull/4810", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Significant-Gravitas/Auto-GPT/pull/4810"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-22T14:51:38.896286Z", "id": "CVE-2023-37275", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T14:52:38.684Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-r7f7-qrrv-3fjh", "name": "https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-r7f7-qrrv-3fjh", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/Significant-Gravitas/Auto-GPT/pull/4810", "name": "https://github.com/Significant-Gravitas/Auto-GPT/pull/4810", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:09:33.632Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-37275", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T14:51:38.896286Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T14:52:34.182Z"}}], "cna": {"title": "System logs spoofable in Auto-GPT via ANSI control sequences", "source": {"advisory": "GHSA-r7f7-qrrv-3fjh", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Significant-Gravitas", "product": "Auto-GPT", "versions": [{"status": "affected", "version": "< 0.4.3"}]}], "references": [{"url": "https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-r7f7-qrrv-3fjh", "name": "https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-r7f7-qrrv-3fjh", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Significant-Gravitas/Auto-GPT/pull/4810", "name": "https://github.com/Significant-Gravitas/Auto-GPT/pull/4810", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to review and control which commands should be executed. Before v0.4.3, it was possible for a malicious external resource (such as a website browsed by Auto-GPT) to cause misleading messages to be printed to the console by getting the LLM to regurgitate JSON encoded ANSI escape sequences (`\\u001b[`). These escape sequences were JSON decoded and printed to the console as part of the model's \"thinking process\". The issue has been patched in release version 0.4.3.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-117", "description": "CWE-117: Improper Output Neutralization for Logs"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-13T22:34:45.809Z"}}}, "cveMetadata": {"cveId": "CVE-2023-37275", "state": "PUBLISHED", "dateUpdated": "2024-10-22T14:52:38.684Z", "dateReserved": "2023-06-29T19:35:26.440Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-07-13T22:34:45.809Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:agpt:auto-gpt:*:*:*:*:*:*:*:*", "matchCriteriaId": "10E8D9E9-E73C-4B20-989E-1D432F7ED3BB", "versionEndExcluding": "0.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to review and control which commands should be executed. Before v0.4.3, it was possible for a malicious external resource (such as a website browsed by Auto-GPT) to cause misleading messages to be printed to the console by getting the LLM to regurgitate JSON encoded ANSI escape sequences (`\\u001b[`). These escape sequences were JSON decoded and printed to the console as part of the model's \"thinking process\". The issue has been patched in release version 0.4.3.\n"}], "id": "CVE-2023-37275", "lastModified": "2024-11-21T08:11:22.443", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-13T23:15:10.890", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Significant-Gravitas/Auto-GPT/pull/4810"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-r7f7-qrrv-3fjh"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Significant-Gravitas/Auto-GPT/pull/4810"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-r7f7-qrrv-3fjh"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-117"}], "source": "security-advisories@github.com", "type": "Secondary"}]}