AI Sec Watch

streamlit-geospatial is a web application for mapping and geographic data analysis built with Streamlit (a Python framework for data apps). The application has a critical vulnerability where user input is passed directly into the `eval()` function (a command that executes text as code), allowing attackers to run arbitrary code on the server.

streamlit-geospatial, a tool for building map-based applications, has a vulnerability where user input is passed directly into the eval() function (a function that executes code text as if it were written in the program), allowing attackers to run arbitrary code on the server. The vulnerability existed in the `vis_params` variable handling in the Timelapse.py file before a specific code commit fixed it.

streamlit-geospatial is a Streamlit app (a Python framework for building data apps) for geospatial applications that had a vulnerability where user input for a palette variable was passed directly into the eval() function (a dangerous function that executes code), allowing attackers to run arbitrary code on the server. The vulnerability was fixed in commit c4f81d9616d40c60584e36abb15300853a66e489.

Open edX is a learning management platform (software that manages courses and students) where instructors upload CSV files (spreadsheet files with student data) to create student groups called cohorts. In certain versions, these uploaded files could become publicly accessible on AWS S3 buckets (cloud storage), exposing sensitive learner information to anyone on the internet.

Google Colab AI (now called Gemini in Colab) had a vulnerability where data could leak through image rendering, discovered in November 2023. The system prompt (hidden instructions that control how an AI behaves) specifically warned the AI not to render images, suggesting this was a known risk that Google tried to prevent.

OpenAI released gpt-4o-mini with safety improvements aimed at strengthening 'instruction hierarchy,' which is supposed to prevent users from tricking the AI into ignoring its built-in rules through commands like 'ignore all previous instructions.' However, researchers have already demonstrated bypasses of this protection, and analysis shows that system instructions (the AI's core rules) still cannot be fully trusted as a security boundary (a hard limit that stops attackers).

CVE-2024-6960 is a vulnerability in the H2O machine learning platform where the Iced format (a system for moving Java objects across a computer cluster) allows deserialization of any Java class without restrictions. An attacker can create a malicious model using Java gadgets (pre-built code snippets that can be chained together for attacks) that executes arbitrary code when imported into H2O.

TorchServe (a tool for running PyTorch machine learning models in production) has a security flaw where two communication ports, 7070 and 7071, are exposed to all network interfaces instead of being restricted to localhost (the local machine only). This means anyone on a network could potentially access these ports. The vulnerability has been fixed and is available in TorchServe version 0.11.0.

TorchServe (a tool for running machine learning models in production) has a security flaw where its allowed_urls check (a restriction on which websites models can be downloaded from) can be bypassed using special characters like ".." in the URL. Once a model file is downloaded through this bypass, it can be used again without the security check, effectively removing the protection.