All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
A vulnerability in the LangChainLLM class (a component for running language models in the llama_index library) version v0.12.5 allows attackers to cause a Denial of Service (DoS, where a system becomes unresponsive). If a thread (a lightweight process running code in parallel) terminates unexpectedly before the language model prediction runs, the code has no error handling for that case and enters an infinite loop (code that never stops repeating); this condition can be triggered by supplying input of the wrong type.
A flaw in the Gradio application (version git 67e4044) on Windows allows attackers to bypass security protections and read files that should be blocked. The vulnerability exploits NTFS Alternate Data Streams (ADS, a Windows feature that lets files have hidden data attached to them) by using special syntax like 'C:/tmp/secret.txt::$DATA' to access blocked files that would normally be restricted.
CVE-2024-12065 is a local file inclusion vulnerability (a flaw that lets attackers read files they shouldn't have access to) in the LLaVA project at a specific code version. An attacker can send multiple crafted requests to the server and read any file on the system because the gradio web UI component (the interface users interact with) doesn't properly validate user input.
CVE-2024-12055 is a vulnerability in Ollama versions 0.3.14 and earlier that allows an attacker to upload a malicious gguf model file (a type of AI model format), which causes the server to crash when processing it. This is a Denial of Service attack (making a service unavailable), and the underlying issue is an out-of-bounds read (attempting to access memory locations that are outside the intended range) in the gguf.go file.
vllm version v0.6.2 has a vulnerability in its MessageQueue.dequeue() function that uses pickle.loads (a Python method that reconstructs objects from serialized data) to process data directly from network sockets without validation. An attacker can send a malicious serialized payload that causes RCE (remote code execution, where an attacker runs commands on a target system), allowing them to execute arbitrary code on a victim's machine.
CVE-2024-11037 is a path traversal vulnerability (a flaw where an attacker bypasses restrictions to access files outside the intended directory) in the gpt_academic project, affecting Windows systems. By requesting a specific URL with an absolute file path, an attacker can read the config.py file, which contains sensitive data such as OpenAI API keys.
Version 3.83 of gpt_academic contains an SSRF vulnerability (server-side request forgery, where an attacker tricks a server into making unwanted requests to other systems) in the Markdown_Translate.get_files_from_everything() API. The HotReload plugin only checks if links start with 'http', allowing attackers to download files from arbitrary web hosts using the server's credentials.
GPT Academic version 3.83 has a Server-Side Request Forgery (SSRF) vulnerability (a flaw where an attacker tricks the server into making web requests on their behalf) in its HotReload plugin. The plugin calls an API function without validating the input, allowing attackers to misuse the web server's network access to reach resources they are not authorized to reach.
A vulnerability in langchain-core (a library used to build AI applications) versions 0.1.17-0.1.52, 0.2.0-0.2.42, and 0.3.0-0.3.14 allows attackers to read any file from a server's hard drive by manipulating prompt templates (pre-written instruction formats for AI models). If the AI then shows these file contents to users, sensitive information like passwords or private data could be exposed.
CVE-2024-10707 is a local file inclusion vulnerability (a security flaw where an attacker can read files they shouldn't access) in chuanhuchatgpt version git d4ec6a3. The vulnerability exists because the software uses a component called gr.JSON from gradio that has a known security issue, allowing unauthenticated users to upload specially crafted JSON files and read arbitrary files on the server due to improper input validation.
ChuanhuChatGPT version 20240918 has an unauthenticated Denial of Service vulnerability (DoS, a type of attack that makes a service unavailable) that can be triggered by sending specially formatted data with multipart boundaries or grouped characters. Even though a previous patch was applied, attackers can still exploit this by sending data in lines of 10 characters repeatedly, causing the system to get stuck processing and become unavailable.
CVE-2024-10648 is a path traversal vulnerability (a flaw where an attacker manipulates file paths to access unintended files) in Gradio's Audio component that lets attackers control audio file formats and delete file contents, potentially causing a denial of service (a situation where a system becomes unavailable to legitimate users). By changing the output format, an attacker can empty any file on the server.
A ReDoS (regular expression denial of service, where specially crafted text causes a regex pattern to take extremely long to process) vulnerability exists in Gradio's datetime component. An attacker can send a malicious input that makes the vulnerable regex pattern consume all of a server's CPU resources, causing the Gradio application to become unresponsive.
CVE-2024-10569 is a vulnerability in Gradio's dataframe component that allows a zip bomb attack (a compressed file designed to crash systems when decompressed). An attacker can upload a malicious compressed file, which the component processes using pd.read_csv (a function that reads spreadsheet data), causing the server to crash and become unavailable.
CVE-2024-10188 is a vulnerability in BerriAI/litellm that allows unauthenticated users to crash the litellm Python server by exploiting unsafe input parsing. The vulnerability exists because the code uses ast.literal_eval (a Python function that evaluates Python literal expressions, which is still not safe for untrusted input) to process user-supplied data, making it vulnerable to DoS (denial of service, where attackers make a service unavailable) attacks.
CVE-2024-8502 is a vulnerability in modelscope/agentscope v0.0.6a3 where the RpcAgentServerLauncher class unsafely deserializes (converts serialized data back into code) untrusted data using the dill library, allowing attackers to execute arbitrary commands on the server. The vulnerability exists in the AgentServerServicer.create_agent method, which directly deserializes user input without validation.
CVE-2024-12911 is a vulnerability in the `default_jsonalyzer` function of `JSONalyzeQueryEngine` in the llama_index library that allows attackers to perform SQL injection (inserting malicious SQL commands) through prompt injection (hiding instructions in the AI's input). This can lead to arbitrary file creation and denial-of-service attacks (making a system unavailable by overwhelming it).
In gpt_academic version 3.83 and earlier, the CodeInterpreter plugin has a vulnerability where prompt injection (tricking an AI by hiding instructions in its input) allows attackers to inject malicious code. Because the application executes LLM-generated code without a sandbox (a restricted environment that isolates code from the main system), attackers can achieve RCE (remote code execution, where an attacker can run commands on a system they don't own) and potentially take over the backend server.
Applio, a voice conversion tool, has a vulnerability in versions 3.2.8-bugfix and earlier where it unsafely deserializes (converts untrusted data back into code objects) user-supplied model file paths using torch.load, which can allow attackers to run arbitrary code on the system. The vulnerability exists in the inference.py and tts.py files, where user input is passed directly to functions that load models without proper validation.
Fix: Update langchain-core to version 0.1.53 or later, 0.2.43 or later, or 0.3.15 or later. (Source: NVD/CVE Database)
Fix: The vulnerability is fixed in version 0.5.1 of llama_index. Users should upgrade to this version or later. (Source: NVD/CVE Database)
InvokeAI versions 5.3.1 through 5.4.2 contain a remote code execution vulnerability (the ability for attackers to run commands on a system they don't own) in the model installation API. The flaw comes from unsafe deserialization (converting data back into usable code without checking if it's trustworthy) of model files using torch.load, which allows attackers to hide malicious code in model files that gets executed when loaded.
Fix: This issue is fixed in version 5.4.3. Users should update to version 5.4.3 or later. (Source: NVD/CVE Database)
Fix: A patch is available on the `main` branch of the repository. (Source: NVD/CVE Database)