All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
CVE-2024-0116 is a vulnerability in NVIDIA Triton Inference Server that allows a user to trigger an out-of-bounds read (accessing memory outside the intended range) by releasing a shared memory region while another part of the program is still using it. A successful attack could cause a denial of service (making the service unavailable), though the severity rating has not yet been officially assigned.
Langflow up to version 1.0.18 contains a vulnerability in its HTTP POST Request Handler: inefficient regular expression complexity (ReDoS, a type of denial-of-service attack where maliciously crafted input makes pattern-matching code run very slowly) when processing the 'remaining_text' argument. The vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 5.1 (medium severity) and has been publicly disclosed, though the vendor did not respond to early notification.
A WordPress plugin called 'AI ChatBot with ChatGPT and Content Generator by AYS' versions before 2.1.0 has a vulnerability where it exposes the OpenAI API key (a secret credential used to access OpenAI's services) in cleartext (unencrypted, readable form), allowing anyone without authentication (login access) to steal it. This vulnerability is tracked as CVE-2024-7713 and was reported on September 27, 2024.
CVE-2024-4099 is a vulnerability in GitLab EE (a Git repository management tool) affecting versions 16.0-17.2.7, 17.3-17.3.3, and 17.4-17.4.0, where an AI feature did not sanitize its input, potentially allowing attackers to perform prompt injection (tricking the AI by hiding instructions in its input). The vulnerability has a CVSS score (a 0-10 severity rating) of 4.0, indicating low to moderate severity.
Monica AI Assistant desktop application v2.3.0 has a vulnerability where attackers can use prompt injection (tricking an AI by hiding instructions in its input) with a specially crafted image to steal sensitive chat data from the current session and send it to an attacker-controlled server. This flaw allows unauthorized people to access private information from users' conversations.
CVE-2024-40442 is a privilege escalation vulnerability (a security flaw where an attacker gains higher access levels than they should have) in Doccano v.1.8.4 and its Auto Labeling Pipeline module v.0.1.23. A remote attacker can exploit this weakness by sending a specially crafted REST request (a malicious command sent over the web); the underlying weakness is improper code injection (inserting malicious code into the system).
CVE-2024-40441 is a privilege escalation vulnerability (a bug that lets attackers gain higher-level access than they should have) in Doccano v.1.8.4, an open source tool for labeling data to train machine learning models, and its Auto Labeling Pipeline module v.0.1.23. A remote attacker can exploit this by manipulating the model_attribs parameter to escalate their privileges.
LangChain Experimental versions 0.1.17 through 0.3.0 contain a vulnerability that allows attackers to execute arbitrary code (run malicious commands on a system) through a component called LLMSymbolicMathChain, which uses sympy.sympify (a function that evaluates mathematical expressions in an unsafe way). The root cause is improper input validation (failing to check that user input is safe before processing it).
A vulnerability in the ilab model serve component allows attackers to cause a Denial of Service (DoS, where a service becomes unavailable to legitimate users) by sending a large value for the best_of parameter to the vllm JSON web API (a web interface for accessing an LLM). The API doesn't properly manage timeouts or resource limits, so an attacker can exhaust system resources and crash the service.
CVE-2024-8768 is a bug in vLLM (a library for running large language models) where sending an API request with an empty prompt crashes the server, causing a denial of service (making the service unavailable to users). The flaw is classified as a reachable assertion vulnerability, meaning the code hits an unexpected condition it wasn't designed to handle.
A vulnerability in langchain's FAISS.deserialize_from_bytes function allows deserialization of untrusted data using pickle (a Python library that converts data into a format that can be stored or transmitted), which can lead to arbitrary command execution through the os.system function. This affects the latest version of the product and is classified as CWE-502 (deserialization of untrusted data).
The Triton Lite WordPress theme has a stored cross-site scripting vulnerability (XSS, where attackers inject malicious scripts that run when others view a page) in its Button shortcode's 'url' attribute, affecting all versions up to 1.3. Users with Contributor-level access or higher can inject arbitrary scripts that execute whenever someone visits an affected page due to insufficient input sanitization (cleaning of user input) and output escaping (converting special characters to prevent code execution).
A vulnerability in the Linux kernel's vmwgfx driver (which manages graphics for virtual machines) allowed coherent dumb buffers (memory areas used for graphics that stay synchronized between the virtual machine and host) to be used even when 3D graphics acceleration was disabled, wasting resources and causing graphics memory to run out on low-memory systems. The fix ensures these buffers are only created when 3D graphics support is actually enabled.
MindsDB versions 23.12.4.0 through 24.7.4.1 contain an arbitrary code execution vulnerability (the ability to run unwanted commands on a server) when the ChromaDB integration is installed. An attacker can craft a malicious 'INSERT' query containing Python code that gets executed on the server because the code is passed to an eval function (a function that runs text as if it were code).
MindsDB versions 23.10.3.0 through 24.7.4.1 have a vulnerability that allows arbitrary code execution (running unauthorized commands on a server) when the Weaviate integration is installed. An attacker can exploit this by crafting a malicious SQL SELECT WHERE clause containing Python code, which gets executed through an eval function (a function that interprets and runs code as if it were written in the program).
CVE-2024-45855 is a vulnerability in MindsDB (a platform for building AI applications) versions 23.10.2.0 and newer where deserialization of untrusted data (converting data from an external format into code without checking if it's safe) can occur. An attacker can upload a malicious 'inhouse' model and use the 'finetune' feature to run arbitrary code (any commands they want) on the server.
A WordPress plugin called 'AI ChatBot with ChatGPT and Content Generator by AYS' (versions before 2.1.0) has a security flaw where it doesn't properly check who is allowed to perform certain actions. This means someone without a user account can disconnect the plugin from OpenAI (the AI service it relies on), effectively breaking the chatbot. The vulnerable actions include connecting, disconnecting, and saving feedback.
Fix: Update the plugin to version 2.1.0 or later.
NVD/CVE Database
The Chatbot with ChatGPT WordPress plugin before version 2.4.6 has a missing authorization flaw in one of its REST endpoints (a web interface for accessing the plugin's functions), which allows unauthenticated users (anyone without login credentials) to retrieve and decode an OpenAI API key (a secret credential that grants access to OpenAI's services). This vulnerability exposes the API key to attackers.
Fix: Update the Chatbot with ChatGPT WordPress plugin to version 2.4.6 or later.
NVD/CVE Database
Attackers can inject spyware into ChatGPT's memory (a feature that stores information across chat sessions) through prompt injection (tricking an AI by hiding instructions in its input) on untrusted websites, allowing them to continuously steal everything a user types in future conversations. The vulnerability exploits a weakness where a security check called url_safe was performed only on the user's device rather than on OpenAI's servers, and becomes more dangerous when combined with the Memory feature that persists attacker-controlled instructions. OpenAI released a fix for the macOS app, and users should update to the latest version.
Fix: OpenAI released a fix for the macOS app last week. Ensure your app is updated to the latest version.
Embrace The Red
Fix: A patch is available at https://github.com/langchain-ai/langchain/commit/604dfe2d99246b0c09f047c604f0c63eafba31e7
NVD/CVE Database
CVE-2024-6587 is a server-side request forgery vulnerability (SSRF, a flaw that tricks a server into making requests to unintended locations) in litellm version 1.38.10 that lets users control where the application sends requests by setting the `api_base` parameter, potentially allowing attackers to intercept sensitive OpenAI API keys. A malicious user could redirect requests to their own domain and steal the API key, gaining unauthorized access to the OpenAI service.
Fix: A patch is available at https://github.com/berriai/litellm/commit/ba1912afd1b19e38d3704bb156adf887f91ae1e0
NVD/CVE Database
Fix: Disable coherent dumb buffers when 3D graphics are not enabled. The kernel patch resolves this by ensuring coherent dumb buffers are only used on configurations with 3D enabled.
NVD/CVE Database