AI Sec Watch

CVE-2024-6706 is a vulnerability where attackers can write malicious prompts that trick a language model into running arbitrary JavaScript (code that executes in a web browser) on a webpage. This is a type of cross-site scripting (XSS) attack, where untrusted input is not properly cleaned before being displayed on a web page, allowing attackers to inject malicious code.

CVE-2024-38206 is a vulnerability in Microsoft Copilot Studio where an authenticated attacker (someone with valid login credentials) can bypass SSRF protection (security that prevents a server from being tricked into making unwanted network requests) to leak sensitive information over a network.

A vulnerability in the stitionai/devika AI project allows attackers to read sensitive files on a computer through prompt injection (tricking an AI by hiding malicious instructions in its input). The problem occurs because Google Gemini's safety filters were disabled, which normally prevent harmful outputs, leaving the system open to commands like reading `/etc/passwd` (a file containing user account information).

CVE-2024-38791 is a server-side request forgery (SSRF, a flaw where an attacker tricks a server into making unwanted requests to other systems) vulnerability in the Jordy Meow AI Engine: ChatGPT Chatbot plugin that affects versions up to 2.4.7. The vulnerability allows attackers to exploit this weakness to perform unauthorized actions by manipulating the plugin's server requests.

Haystack is a framework for building applications with LLMs (large language models) and AI tools, but versions before 2.3.1 have a critical vulnerability where attackers can execute arbitrary code if they can create and render Jinja2 templates (template engines that generate dynamic text). This affects Haystack clients that allow users to create and run Pipelines, which are workflows that process data through multiple steps.

A bug in TensorFlow (an open source platform for building machine learning models) causes a segfault (a crash where the program tries to access memory it shouldn't) when the `array_ops.upper_bound` function receives input that is not a rank 2 tensor (a two-dimensional array of numbers).

Langflow versions before 1.0.13 have a privilege escalation vulnerability (a security flaw where an attacker gains higher access rights than they should have) that lets a remote attacker with low privileges become a super admin by sending a specially crafted request to the '/api/v1/users' endpoint using mass assignment (a technique where an attacker modifies multiple fields at once by exploiting how the application handles user input).

Microsoft's Copilot Studio is a low-code platform that lets employees build chatbots, but it has security risks including data leaks and unauthorized access when Copilots are misconfigured. The post warns that external attackers can find and interact with improperly set-up Copilots, and discusses how to protect organizational data using security controls.

CVE-2024-41120 is a vulnerability in streamlit-geospatial, a web application for geospatial data analysis, where user input to a URL field is not validated before being sent to a file-reading function. This allows attackers to make the server send requests to any destination they choose, a technique called SSRF (server-side request forgery, where an attacker tricks a server into making unwanted requests to other systems). The vulnerability affects code before a specific commit that patches the issue.