{"data":{"id":"028e75f7-7745-4707-b62c-61bb5b386fca","title":"CVE-2024-45989: Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Act","summary":"Monica AI Assistant desktop application v2.3.0 has a vulnerability where attackers can use prompt injection (tricking an AI by hiding instructions in its input) with a specially crafted image to steal sensitive chat data from the current session and send it to an attacker-controlled server. This flaw allows unauthorized people to access private information from users' conversations.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-45989","publishedAt":"2024-09-26T18:15:08.667Z","cveId":"CVE-2024-45989","cweIds":["CWE-77"],"cvssScore":"4","cvssSeverity":"medium","severity":"medium","attackType":["prompt_injection","data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Monica AI Assistant"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00033,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}