All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Gradio is an open-source Python package for building web applications, but versions before 5.5.0 have a vulnerability in the File and UploadButton components that allows attackers to read any files from the application server by exploiting path traversal (a technique where attackers use file paths like '../../../' to access files outside their intended directory). This happens when these components are used to preview file content.
Fix: Upgrade to Gradio release version 5.5.0 or later. The source explicitly states: 'This issue has been addressed in release version 5.5.0 and all users are advised to upgrade.'
NVD/CVE DatabaseLangflow version 1.0.18 and earlier has a remote code execution vulnerability (RCE, where an attacker can run commands on a system they don't own) because components with code functionality execute on the local machine instead of in a sandbox (an isolated environment that limits what code can access). This allows any component to potentially execute arbitrary code.
Gradio version 4.42.0 and earlier contain a server-side request forgery vulnerability (SSRF, a flaw where a server can be tricked into making requests to unintended targets) in the gr.DownloadButton function. The issue exists because the save_url_to_cache function doesn't validate URLs properly, allowing attackers to download local files and access sensitive information from the server.
Ollama before version 0.1.34 has a vulnerability where the CreateModelHandler function improperly reads user-controlled file paths without limits, allowing an attacker to specify a blocking file like /dev/random, which causes a goroutine (a lightweight process in Go) to run infinitely and consume resources even after the user cancels their request. This is a resource exhaustion (CWE-404: Improper Resource Shutdown or Release) issue that can disrupt service availability.
A vulnerability in Ollama before version 0.1.46 allows an attacker to crash the application by uploading a malformed GGUF file (a model format file) using two HTTP requests and then referencing it in a custom Modelfile. This causes a segmentation fault (a type of crash where the program tries to access memory it shouldn't), making the application unavailable.
Ollama versions through 0.3.14 have a vulnerability where the api/create endpoint leaks information about which files exist on the server. When someone calls the CreateModel route with a path that doesn't exist, the server returns an error message saying 'File does not exist', which allows attackers to probe the server's file system.
A vulnerability in langchain version 0.2.5's GraphCypherQAChain class allows attackers to use prompt injection (tricking an AI by hiding instructions in its input) to perform SQL injection attacks on databases. This can let attackers steal data, delete information, disrupt services, or access data they shouldn't have access to, especially in systems serving multiple users.
CVE-2024-7774 is a path traversal vulnerability (a security flaw where attackers can access files outside the intended directory) in langchain-ai/langchainjs version 0.2.5 that allows attackers to save, overwrite, read, and delete files anywhere on a system. The vulnerability exists in the `getFullPath` method and related functions because they do not properly filter or validate user input before handling file paths.
A vulnerability exists in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 that allows prompt injection (tricking an AI by hiding instructions in its input), which can lead to SQL injection (inserting malicious database commands). This vulnerability could allow attackers to manipulate data, steal sensitive information, delete data to cause service outages, or breach security in systems serving multiple users.
N-LINE version 2.0.6 and earlier contain a code injection vulnerability (CWE-94, a flaw where an attacker can insert malicious code into an application), which could allow attackers to execute arbitrary code on an instructor's browser or redirect them to a malicious website. The vulnerability was reported by JPCERT/CC and assigned CVE-2024-47158 on October 25, 2024.
CVE-2024-48142 is a prompt injection vulnerability (a technique where attackers hide malicious instructions in text sent to an AI) in Monica ChatGPT AI Assistant v2.4.0 that lets attackers steal all chat messages between a user and the AI through a specially crafted message.
A prompt injection vulnerability (tricking an AI by hiding instructions in its input) was found in Monica Your AI Copilot v6.3.0, a ChatGPT-powered browser extension. Attackers can exploit this flaw by sending a specially crafted message to access and steal all chat data between the user and the AI assistant, both from past conversations and future ones.
CVE-2024-48145 is a prompt injection vulnerability (a type of attack where malicious instructions are hidden in text input to an AI system) in Netangular Technologies ChatNet AI Version v1.0 that allows attackers to steal all chat data between users and the AI by sending a specially crafted message. The vulnerability is classified under CWE-77 (improper neutralization of special elements used in commands), meaning the system fails to properly filter dangerous input before processing it.
CVE-2024-48144 is a prompt injection vulnerability (tricking an AI by hiding instructions in its input) in Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 that allows attackers to craft a malicious message in the chatbox to steal all previous and future conversations between the user and the AI assistant. The vulnerability is caused by improper handling of special elements in user input (CWE-77, a weakness in command injection prevention).
CVE-2024-48141 is a prompt injection vulnerability (a technique where an attacker hides malicious instructions in text sent to an AI) in Zhipu AI CodeGeeX version 2.17.0's chatbox. An attacker can craft a message to trick the AI into leaking all previous and future chat conversations between the user and the assistant.
CVE-2024-48139 is a prompt injection vulnerability (a technique where attackers hide malicious instructions in messages sent to an AI) in Blackbox AI version 1.3.95 that allows attackers to steal all chat messages between a user and the AI by sending a specially crafted message. This vulnerability is classified as a command injection flaw (where attackers manipulate input to execute unintended commands).
Ollama before version 0.1.46 has a security flaw where attackers can use path traversal (a technique that manipulates file paths to access files outside their intended directory) in the api/push route to discover which files exist on the server. This allows an attacker to learn information about the server's file system that should be private.
Fix: Update Ollama to version 0.1.46 or later.
NVD/CVE DatabaseFix: Update Ollama to version 0.1.34 or later.
NVD/CVE DatabaseFix: Update Ollama to version 0.1.46 or later.
NVD/CVE DatabaseLangflow v1.0.12 contains a remote code execution vulnerability (RCE, where an attacker can run commands on a system they don't own) in its PythonCodeTool component. This flaw allows attackers to execute arbitrary code through the tool. The vulnerability was publicly disclosed in October 2024.
PyTorch versions 2.4.1 and earlier contain a vulnerability in RemoteModule that allows RCE (remote code execution, where an attacker can run commands on a system they don't own) through deserialization of untrusted data. However, multiple parties dispute whether this is actually a security flaw, arguing it is intended behavior in PyTorch's distributed computing features (tools for running AI computations across multiple machines).
Fix: A patch is available at https://github.com/langchain-ai/langchainjs/commit/a0fad77d6b569e5872bd4a9d33be0c0785e538a9
NVD/CVE DatabaseClaude Computer Use is a new AI tool from Anthropic that lets Claude take screenshots and run commands on computers autonomously. The feature carries serious security risks because of prompt injection (tricking an AI by hiding malicious instructions in its input), which could allow attackers to make Claude execute unwanted commands on machines it controls.