Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested in the official docker set up instructions. The docker-compose.yml file located in the repo root mounts itself into the docker container without write protection. This means that if malicious custom python code is executed via the execute_python_file and execute_python_code commands, it can overwrite the docker-compose.yml file and abuse it to gain control of the host system the next time Auto-GPT is started. The issue has been patched in version 0.4.3.
{
"cwe_ids": [
"CWE-94"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/37xxx/CVE-2023-37273.json",
"cna_assigner": "GitHub_M"
}{
"cpe": "cpe:2.3:a:agpt:autogpt_classic:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "0.4.3"
}
],
"source": [
"AFFECTED_FIELD",
"CPE_RANGE"
]
}