CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6091 – Shell Command Denylist Bypass in significant-gravitas/autogpt
https://notcve.org/view.php?id=CVE-2024-6091
11 Sep 2024 — A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executing commands with a modified path, such as '/bin/./whoami', which is not recognized by the denylist. • https://github.com/significant-gravitas/autogpt/commit/ef691359b774a1f9f80cf4f5ace9821967b718ed • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-1880 – OS Command Injection in MacOS Text-To-Speech Class in significant-gravitas/autogpt
https://notcve.org/view.php?id=CVE-2024-1880
06 Jun 2024 — An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. The vulnerability arises from the improper neutralization of special elements used in an OS command within the `_speech` method of the MacOSTTS class. Specifically, the use of `os.system` to execute the `say` command with user-supplied text allows for arbitrary code execution if an attacker can inject shell commands. This issue is triggered whe... • https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 0CVE-2024-1881 – Improper Neutralization of Special Elements used in an OS Command in significant-gravitas/autogpt
https://notcve.org/view.php?id=CVE-2024-1881
06 Jun 2024 — AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not including 5.1.0. The issue arises from the application's method of validating shell commands against an allowlist or denylist, where it only checks the first word of the command. This allows an attacker to bypass the in... • https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-1879 – CSRF to RCE in significant-gravitas/autogpt
https://notcve.org/view.php?id=CVE-2024-1879
06 Jun 2024 — A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the lack of protections on the API endpoint receiving instructions, enabling an attacker to direct a user running AutoGPT in their local network to a malicious website. This site can then send crafted requests to the AutoGPT server, leading to command execution. The issue is exacerbated by CORS being enabled for ar... • https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37275 – System logs spoofable in Auto-GPT via ANSI control sequences
https://notcve.org/view.php?id=CVE-2023-37275
13 Jul 2023 — Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to review and control which commands should be executed. Before v0.4.3, it was possible for a malicious external resource (such as a website browsed by Auto-GPT) to cause misleading messages to be printed to the consol... • https://github.com/Significant-Gravitas/Auto-GPT/pull/4810 • CWE-117: Improper Output Neutralization for Logs •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37274 – Python code execution sandbox escape in non-docker version in Auto-GPT
https://notcve.org/view.php?id=CVE-2023-37274
13 Jul 2023 — Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which should not have access to any files outside of the Auto-GPT workspace directory. Before v0.4.3, the `execute_python_code` command (introduced in v0.4.1) does not sanitize the `basename` arg before writing LLM-suppl... • https://github.com/Significant-Gravitas/Auto-GPT/pull/4756 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37273 – Docker escape in Auto-GPT when running from docker-compose.yml included in git repo
https://notcve.org/view.php?id=CVE-2023-37273
13 Jul 2023 — Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing `docker compose run auto-gpt` in the repo root uses a different docker-compose.yml file from the one suggested in the official docker set up instructions. The docker-compose.yml file located in the repo root mounts itself into the docker container without write protection. This means that if malicious custom python code is ... • https://github.com/Significant-Gravitas/Auto-GPT/pull/4761 • CWE-94: Improper Control of Generation of Code ('Code Injection') •