AI Sec Watch

LMDeploy is a toolkit for compressing, deploying, and serving large language models (LLMs). Prior to version 0.11.1, the software had an insecure deserialization vulnerability (unsafe conversion of data back into executable code) where it used torch.load() without the weights_only=True parameter when opening model checkpoint files, allowing attackers to run arbitrary code on a victim's machine by tricking them into loading a malicious .bin or .pt model file.

Hypergraph Neural Networks (HGNNs, which are AI models that learn from data where connections can link multiple items together instead of just pairs) can be weakened by structural attacks that corrupt their connections and reduce accuracy. HGNN Shield is a defense framework with two main components: Hyperedge-Dependent Estimation (which assesses how important each connection is within the network) and High-Order Shield (which detects and removes harmful connections before the AI processes data). Experiments show the framework improves performance by an average of 9.33% compared to existing defenses.

LangChain, a framework for building applications powered by LLMs (large language models), had a serialization injection vulnerability (a flaw where specially crafted data can be misinterpreted as legitimate code during the conversion of objects to JSON format) in its toJSON() method. The vulnerability occurred because the method failed to properly escape objects containing 'lc' keys, which LangChain uses internally to mark serialized objects, allowing attackers to trick the system into treating malicious user data as legitimate LangChain objects when deserializing (converting back from JSON format).

LangChain, a framework for building AI agents and applications powered by large language models, had a serialization injection vulnerability (a flaw in how it converts data to stored formats) in its dumps() and dumpd() functions before versions 0.3.81 and 1.2.5. The functions failed to properly escape dictionaries containing 'lc' keys, which LangChain uses internally to mark serialized objects, allowing attackers to trick the system into treating user-supplied data as legitimate LangChain objects during deserialization (converting stored data back into usable form).

A vulnerability in Hugging Face Transformers GLM4 allows attackers to run harmful code on a system by tricking users into opening a malicious file or visiting a malicious webpage. The problem occurs because the software doesn't properly check data when loading model weights (the numerical values that make the AI work), allowing deserialization of untrusted data (converting unsafe external files into code the system will execute).

A vulnerability in Hugging Face Transformers' X-CLIP checkpoint conversion allows attackers to execute arbitrary code (running commands they choose on a system) by tricking users into opening malicious files or visiting malicious pages. The flaw occurs because the code doesn't properly validate checkpoint data before deserializing it (converting stored data back into usable objects), which lets attackers inject malicious code that runs with the same permissions as the application.

A vulnerability in Hugging Face Transformers' HuBERT convert_config function allows attackers to execute arbitrary code (RCE, or remote code execution, where an attacker runs commands on a system) by tricking users into converting a malicious checkpoint (a saved model file). The flaw occurs because the function doesn't properly validate user input before using it to run Python code.

Hugging Face Transformers (a popular library for working with AI language models) has a vulnerability in its SEW-D convert_config function that allows attackers to run arbitrary code (any commands they want) on a victim's computer. The flaw exists because the function doesn't properly check user input before using it to execute Python code, and an attacker can exploit this by tricking a user into converting a malicious checkpoint (a saved model file).

A vulnerability in Hugging Face Transformers (a popular AI library) allows attackers to run arbitrary code on a user's computer through a malicious checkpoint (a saved model file). The flaw exists in the convert_config function, which doesn't properly validate user input before executing it as Python code, meaning an attacker can trick a user into converting a malicious checkpoint to execute code with the user's permissions.