AI Sec Watch

TensorFlow, an open-source machine learning framework, has a bug in its `Dequantize` function where the `axis` parameter (which specifies which dimension to operate on) isn't properly validated. This allows attackers to read past the end of an array in memory, potentially causing crashes or exposing sensitive data through a heap OOB (out-of-bounds) access, which means reading memory locations outside the intended storage area.

A vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition's JAXP component (a Java library for processing XML data) allows an attacker on the network to read some data they shouldn't have access to without needing to log in. The vulnerability affects several older versions of Java and can be exploited through web services or untrusted code running in a Java sandbox (a restricted environment meant to safely run untrusted programs).

Log4Shell is a critical vulnerability in Apache's log4j library (a widely-used Java logging tool) that allows remote code execution (running commands on a system from afar) through its Java Naming and Directory Interface support. The vulnerability is particularly dangerous because log4j is used in many Java applications and is easy to exploit. The source mentions that patches were released to fix the issue, though it also notes that bypasses to those patches were discovered, leading to additional patches.

pytorch-lightning (a popular machine learning library) contains a vulnerability related to deserialization of untrusted data (CWE-502, where a program unsafely processes data from an untrusted source, potentially allowing an attacker to run malicious code). The vulnerability was identified and reported through the huntr.dev bug bounty program.

Gradio, a framework for building interactive machine learning demos, had a vulnerability in versions before 2.5.0 where users could read any file on the host computer if they knew the file path, since file access wasn't restricted (though files could only be opened in read-only mode). This meant anyone with a link to a Gradio interface could potentially access sensitive files on the server.

Sockeye, an open-source tool for Neural Machine Translation (a type of AI that translates text between languages), had a security flaw in versions before 2.3.24 where it used unsafe YAML loading (a method to read configuration files without proper safety checks). An attacker could hide malicious code in a model's configuration file, and if a user downloaded and ran that model, the hidden code would execute on their computer.

Aim is an open-source tool for tracking machine learning experiments. Versions before 3.1.0 have a path traversal vulnerability (a type of attack where special sequences like '../' are used to access files outside the intended directory), which could allow attackers to read sensitive files like source code, configuration files, or system files on the server.

TensorFlow's `saved_model_cli` tool (a command-line utility for working with machine learning models) has a code injection vulnerability because it runs `eval` on user-supplied strings, which could allow attackers to execute arbitrary code on the system. The risk is limited since the tool is only run manually by users, not automatically.

TensorFlow (an open source machine learning platform) has a vulnerability in the `ImmutableConst` operation that allows attackers to read arbitrary memory contents. The issue occurs because the operation doesn't properly handle a special type of string called `tstring` that can reference memory-mapped data.