CVE-2023-37274

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jul 13, 2023
Updated: Jul 27, 2023
CWE ID 94

Summary

CVE-2023-37274 is a vulnerability affecting the Auto-GPT application, which uses a sandboxed Docker container for executing Python code. Prior to version 0.4.3, the `execute_python_code` command did not properly sanitize user-supplied filenames, enabling attackers to perform a path traversal attack and overwrite any .py file outside the designated workspace directory. This can ultimately result in arbitrary code execution on the host system running Auto-GPT. The issue has been resolved in version 0.4.3. As a temporary measure, it is recommended to run Auto-GPT in a virtual machine or an environment where file damage or corruption is not a significant concern.
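The summary describes the general failure mode: a user-controlled filename is joined onto the workspace path without checking that the resulting file still lies inside the workspace. The following added example (not Auto-GPT's code, and not the actual fix shipped in 0.4.3) shows that vulnerable pattern next to a containment check of the kind a defender would apply. The workspace path, the function names and the sample filenames are all constructed for illustration.

```python
from pathlib import Path

# Constructed workspace location for the demonstration; it need not exist on disk.
WORKSPACE = Path("/srv/autogpt/workspace")


def unsafe_target_path(workspace: Path, filename: str) -> Path:
    """Vulnerable pattern: the caller's filename is joined straight onto the
    workspace path. A filename containing '..' or an absolute path escapes
    the workspace, which is the class of bug CWE-94 / CVE-2023-37274 describes."""
    return workspace / filename


def safe_target_path(workspace: Path, filename: str) -> Path:
    """Hardened pattern: resolve the candidate path and require that it stays
    inside the resolved workspace. Raises ValueError for anything that escapes."""
    if not filename.endswith(".py"):
        raise ValueError("only .py files may be written to the workspace")
    base = workspace.resolve()
    # resolve() normalises '..' segments and follows symlinks, so the check below
    # compares real locations rather than raw strings.
    candidate = (base / filename).resolve()
    # is_relative_to (Python 3.9+) is a path-component check, so a sibling
    # directory such as /srv/autogpt/workspace2 is correctly rejected, which a
    # naive str.startswith(str(base)) test would wrongly accept.
    if not candidate.is_relative_to(base):
        raise ValueError(f"refusing to write outside the workspace: {filename!r}")
    return candidate


def is_contained(workspace: Path, filename: str) -> bool:
    """Boolean wrapper around safe_target_path, convenient for tests and logging."""
    try:
        safe_target_path(workspace, filename)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample filenames: two legitimate, three that try to escape.
    samples = [
        "script.py",
        "jobs/nightly.py",
        "../evil.py",
        "../workspace2/evil.py",
        "/etc/cron.d/evil.py",
    ]
    for name in samples:
        print(f"{name!r:28} unsafe -> {unsafe_target_path(WORKSPACE, name)}")
        print(f"{'':28} safe   -> {'accepted' if is_contained(WORKSPACE, name) else 'REJECTED'}")
```

The unsafe function never raises: it happily produces `/srv/autogpt/workspace/../evil.py`, which the operating system will resolve to a file one level above the workspace. The safe version only returns a path once it has been resolved and proven to sit under the resolved workspace directory, and it checks the `.py` extension up front so that the later write cannot be redirected to some other file type either.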
