{"data":{"id":"79bcd4f9-7c89-492c-acee-ad3371298047","title":"CVE-2023-37274: Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-G","summary":"Auto-GPT versions before 0.4.3 have a path traversal vulnerability (a weakness where an attacker uses file paths like '../../../' to access files outside the intended directory) in the `execute_python_code` command that fails to validate filenames, allowing an attacker to write malicious code outside the sandbox and execute arbitrary commands on the host system. This vulnerability bypasses the Docker container (a tool that isolates applications) meant to protect the main system from untrusted code.","solution":"The issue has been patched in version 0.4.3. As a workaround, run Auto-GPT in a virtual machine or another environment in which damage to files or corruption of the program is not a critical problem.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-37274","publishedAt":"2023-07-13T23:15:10.820Z","cveId":"CVE-2023-37274","cweIds":["CWE-94"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Auto-GPT","GPT-4","OpenAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00058,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}