{"data":{"id":"2b440f3a-f02d-4c8a-b6d8-4d7bb88db81e","title":"CVE-2024-5185: The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result","summary":"EmbedAI has a security flaw that allows data poisoning attacks (injecting false or harmful information into an AI system) through a CSRF vulnerability (cross-site request forgery, where an attacker tricks a user into performing unwanted actions on a website they're logged into). An attacker can direct users to a malicious webpage that exploits weak session management and CORS policies (which control what external websites can access the application), tricking them into uploading bad data that corrupts the application's language model.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-5185","publishedAt":"2024-05-29T13:15:50.003Z","cveId":"CVE-2024-5185","cweIds":["CWE-352"],"cvssScore":"7.3","cvssSeverity":"high","severity":"high","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["EmbedAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00099,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"training_data","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}