AI Sec Watch

PyTorch versions before v2.2.0 contain a use-after-free vulnerability (a memory bug where code tries to access data that has already been freed) in the mobile interpreter component. This vulnerability was identified in the torch/csrc/jit/mobile/interpreter.cpp file.

PyTorch versions before v2.2.0 contain a heap buffer overflow vulnerability (a type of memory safety bug where a program writes data beyond allocated memory limits) in its runtime component that allows attackers to crash the software through specially crafted input. This is a Denial of Service attack, meaning the goal is to make the software unusable rather than steal data.

CVE-2024-3660 is a code injection vulnerability (a flaw that lets attackers insert and run harmful code) in TensorFlow's Keras framework (a machine learning library) affecting versions before 2.13. Attackers can exploit this to execute arbitrary code (run commands they choose) with the same permissions as the application using a vulnerable model.

MLflow (a machine learning platform) has a vulnerability where its URI parsing function incorrectly classifies certain file paths as non-local, allowing attackers to read sensitive files they shouldn't access. By crafting malicious model versions with specially crafted parameters, attackers can bypass security checks and read arbitrary files from the system.

LangChain's LocalFileStore feature has a path traversal vulnerability (a security flaw where attackers can access files outside the intended directory by using special path sequences like '../'). An attacker can exploit this to read or write any files on the system, potentially stealing data or executing malicious code. The problem stems from the mset and mget methods not properly filtering user input before handling file paths.

BentoML (a framework for building AI applications) contains an insecure deserialization vulnerability that lets attackers run arbitrary commands on servers by sending specially crafted requests. When the framework deserializes (converts stored data back into usable objects) a malicious object, it automatically executes hidden OS commands, giving attackers control of the server.

CVE-2024-1594 is a path traversal vulnerability (a flaw that lets attackers access files outside their permitted directory) in MLflow's experiment creation feature. Attackers can exploit this by inserting a fragment component (#) into the artifact_location parameter to read arbitrary files on the server.

MLflow, a machine learning platform, has a path traversal vulnerability (a security flaw where attackers can access files outside intended directories) caused by improper handling of URL parameters. Attackers can use the semicolon (;) character to hide malicious path sequences in URLs, potentially gaining unauthorized access to sensitive files or compromising the server.

Gradio, a popular Python library for building AI interfaces, has a vulnerability in its `/component_server` endpoint that lets attackers call any method on a Component class with their own arguments. By exploiting a specific method called `move_resource_to_block_cache()`, attackers can copy files from the server's filesystem to a temporary folder and download them, potentially exposing sensitive data like API keys, especially when apps are shared online or hosted on platforms like Hugging Face.