AI Sec Watch

A vulnerability in the LangChainLLM class (a component for running language models in the llama_index library) version v0.12.5 allows attackers to cause a Denial of Service (DoS, where a system becomes unresponsive). If a thread (a lightweight process running code in parallel) terminates unexpectedly before executing the language model prediction, the code lacks error handling and enters an infinite loop (code that never stops repeating), which can be triggered by providing incorrectly typed input.

A flaw in the Gradio application (version git 67e4044) on Windows allows attackers to bypass security protections and read files that should be blocked. The vulnerability exploits NTFS Alternate Data Streams (ADS, a Windows feature that lets files have hidden data attached to them) by using special syntax like 'C:/tmp/secret.txt::$DATA' to access blocked files that would normally be restricted.

CVE-2024-12065 is a local file inclusion vulnerability (a flaw that lets attackers read files they shouldn't have access to) in the LLaVA project at a specific code version. An attacker can request multiple crafted messages to a server and access any file on the system because the gradio web UI component (the interface users interact with) doesn't properly check user inputs for malicious content.

CVE-2024-12055 is a vulnerability in Ollama versions 0.3.14 and earlier that allows an attacker to upload a malicious gguf model file (a type of AI model format), which causes the server to crash when processing it. This is a Denial of Service attack (making a service unavailable), and the underlying issue is an out-of-bounds read (attempting to access memory locations that are outside the intended range) in the gguf.go file.

vllm version v0.6.2 has a vulnerability in its MessageQueue.dequeue() function that uses pickle.loads (a Python method that reconstructs objects from serialized data) to process data directly from network sockets without validation. An attacker can send a malicious serialized payload that causes RCE (remote code execution, where an attacker runs commands on a target system), allowing them to execute arbitrary code on a victim's machine.

CVE-2024-11037 is a path traversal vulnerability (a flaw where an attacker bypasses restrictions to access files outside the intended directory) in the gpt_academic project that allows attackers to read the config.py file containing sensitive data like OpenAI API keys by accessing a specific URL with an absolute file path, and it affects Windows systems.

Version 3.83 of gpt_academic contains an SSRF vulnerability (server-side request forgery, where an attacker tricks a server into making unwanted requests to other systems) in the Markdown_Translate.get_files_from_everything() API. The HotReload plugin only checks if links start with 'http', allowing attackers to download files from arbitrary web hosts using the server's credentials.

GPT Academic version 3.83 has a Server-Side Request Forgery (SSRF) vulnerability, which is a flaw where an attacker tricks the server into making web requests on their behalf, in its HotReload plugin. The vulnerability exists because the plugin calls an API function without checking the input for malicious content, allowing attackers to misuse the web server's access to reach unauthorized resources.

A vulnerability in langchain-core (a library used to build AI applications) versions 0.1.17-0.1.52, 0.2.0-0.2.42, and 0.3.0-0.3.14 allows attackers to read any file from a server's hard drive by manipulating prompt templates (pre-written instruction formats for AI models). If the AI then shows these file contents to users, sensitive information like passwords or private data could be exposed.