Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-37273

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing `docker compose run auto-gpt` in the repo root uses a different docker-compose.yml file from the one suggested in the official docker set up instructions. The docker-compose.yml file located in the repo root mounts itself into the docker container without write protection. This means that if malicious custom python code is executed via the `execute_python_file` and `execute_python_code` commands, it can overwrite the docker-compose.yml file and abuse it to gain control of the host system the next time Auto-GPT is started. The issue has been patched in version 0.4.3.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 8.1, requiring local system access to exploit with relatively low complexity though user interaction is required requiring only low-level privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and limited availability for affected systems. Impacting 1 product from agpt organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2023, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2023-07-13T23:15:10.747

Last Modified

2026-02-24T19:27:37.630

Status

Undergoing Analysis

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Secondary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	agpt	autogpt_classic*	< 0.4.3	Yes

References

https://github.com/Significant-Gravitas/Auto-GPT/pull/4761 Patch, Third Party Advisory ([email protected])
https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-x5gj-2chr-4ch6 Patch, Third Party Advisory ([email protected])
https://github.com/Significant-Gravitas/Auto-GPT/pull/4761 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-x5gj-2chr-4ch6 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For agpt's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.