aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by Truong (Jack) Luu, Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

3312 items

CVE-2024-41950: Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vecto
Severity: high | Type: vulnerability | Tags: security | Date: Jul 31, 2024 | ID: CVE-2024-41950

Haystack is a framework for building applications with LLMs (large language models) and AI tools, but versions before 2.3.1 have a critical vulnerability where attackers can execute arbitrary code if they can create and render Jinja2 templates (text that a template engine processes to generate dynamic output). This affects Haystack clients that allow users to create and run Pipelines, which are workflows that process data through multiple steps.

Fix: The vulnerability has been fixed in Haystack version 2.3.1. Users should upgrade to this version or later.

Source: NVD/CVE Database

CVE-2023-33976: TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when no
Severity: high | Type: vulnerability | Tags: security | Date: Jul 30, 2024 | ID: CVE-2023-33976

A bug in TensorFlow (an open source platform for building machine learning models) causes a segfault (a crash where the program tries to access memory it shouldn't) when the `array_ops.upper_bound` function receives input that is not a rank 2 tensor (a two-dimensional array of numbers).

Fix: The fix is included in TensorFlow 2.13 and has also been applied to TensorFlow 2.12 through a cherrypick commit (applying a specific code change to an older version).

Source: NVD/CVE Database

CVE-2024-7297: Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged
Severity: high | Type: vulnerability | Tags: security | Date: Jul 30, 2024 | ID: CVE-2024-7297

Langflow versions before 1.0.13 have a privilege escalation vulnerability (a security flaw where an attacker gains higher access rights than they should have) that lets a remote attacker with low privileges become a super admin by sending a specially crafted request to the '/api/v1/users' endpoint using mass assignment (a technique where an attacker modifies multiple fields at once by exploiting how the application handles user input).

Fix: Upgrade Langflow to version 1.0.13 or later.

Source: NVD/CVE Database

Protect Your Copilots: Preventing Data Leaks in Copilot Studio
Severity: info | Type: news | Tags: security | Date: Jul 30, 2024

Microsoft's Copilot Studio is a low-code platform that lets employees build chatbots, but it has security risks including data leaks and unauthorized access when Copilots are misconfigured. The post warns that external attackers can find and interact with improperly set-up Copilots, and discusses how to protect organizational data using security controls.

Fix: Enable Data Loss Prevention (DLP, a security feature that prevents sensitive information from being shared), which is currently off by default in Copilot Studio.

Source: Embrace The Red

CVE-2024-41120: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb
Severity: critical | Type: vulnerability | Tags: security | Date: Jul 26, 2024 | ID: CVE-2024-41120

CVE-2024-41120 is a vulnerability in streamlit-geospatial, a web application for geospatial data analysis, where user input to a URL field is not validated before being sent to a file-reading function. This allows attackers to make the server send requests to any destination they choose, a technique called SSRF (server-side request forgery, where an attacker tricks a server into making unwanted requests to other systems). The vulnerability affects code before a specific commit that patches the issue.

Fix: Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. Users should update to the version containing this commit.

Source: NVD/CVE Database

CVE-2024-41119: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb
Severity: critical | Type: vulnerability | Tags: security | Date: Jul 26, 2024 | ID: CVE-2024-41119

streamlit-geospatial is a web application for working with geographic data, but it has a critical vulnerability where user input is directly passed to the eval() function (a dangerous Python function that executes code), allowing attackers to run arbitrary code on the server. The vulnerability was fixed in commit c4f81d9616d40c60584e36abb15300853a66e489.

Fix: Update to commit c4f81d9616d40c60584e36abb15300853a66e489 or later, which fixes the vulnerability by removing the dangerous eval() call that accepted unsanitized user input.

Source: NVD/CVE Database

CVE-2024-41118: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb
Severity: high | Type: vulnerability | Tags: security | Date: Jul 26, 2024 | ID: CVE-2024-41118

streamlit-geospatial, an application for mapping geographic data, has a vulnerability where user input is passed directly to a function that makes web requests to any server the attacker specifies. This is known as SSRF (server-side request forgery, where an attacker tricks a server into making unwanted requests on their behalf), and it allows attackers to make the application send requests to arbitrary destinations.

Fix: Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.

Source: NVD/CVE Database

CVE-2024-41117: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb
Severity: critical | Type: vulnerability | Tags: security | Date: Jul 26, 2024 | ID: CVE-2024-41117

streamlit-geospatial, an application for working with geographic data in Streamlit (a Python framework for building data apps), has a vulnerability where user input is directly passed to the eval() function (which executes code from text), allowing attackers to run arbitrary code on the server. The vulnerability was fixed in commit c4f81d9616d40c60584e36abb15300853a66e489.

Fix: Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.

Source: NVD/CVE Database

CVE-2024-41116: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb
Severity: critical | Type: vulnerability | Tags: security | Date: Jul 26, 2024 | ID: CVE-2024-41116

streamlit-geospatial is a mapping application built with Streamlit (a framework for creating data apps). Before the fixing commit, the app took user input into a variable called `vis_params` and then ran it through the `eval()` function (which executes code), allowing attackers to run arbitrary commands on the server.

Fix: Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.

Source: NVD/CVE Database

CVE-2024-41115: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb
Severity: critical | Type: vulnerability | Tags: security | Date: Jul 26, 2024 | ID: CVE-2024-41115

CVE-2024-41115 is a vulnerability in streamlit-geospatial (a tool for working with maps and geographic data in Streamlit, a Python framework for building data apps) where user input is passed directly into the eval() function (a dangerous function that executes code), allowing attackers to run arbitrary code on the server. The vulnerability existed in the `palette` variable handling on lines 488-493 of the timelapse page file.

Fix: Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.

Source: NVD/CVE Database

CVE-2024-41114: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb
Severity: critical | Type: vulnerability | Tags: security | Date: Jul 26, 2024 | ID: CVE-2024-41114

streamlit-geospatial is a web application for mapping and geographic data analysis built with Streamlit (a Python framework for data apps). The application has a critical vulnerability where user input is passed directly into the `eval()` function (a command that executes text as code), allowing attackers to run arbitrary code on the server.

Fix: Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. Users should update to the version containing this commit.

Source: NVD/CVE Database

CVE-2024-41113: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb
Severity: critical | Type: vulnerability | Tags: security | Date: Jul 26, 2024 | ID: CVE-2024-41113

streamlit-geospatial, a tool for building map-based applications, has a vulnerability where user input is passed directly into the eval() function (a function that executes code text as if it were written in the program), allowing attackers to run arbitrary code on the server. The vulnerability existed in the `vis_params` variable handling in the Timelapse.py file before a specific code commit fixed it.

Fix: Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.

Source: NVD/CVE Database

CVE-2024-41112: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb
Severity: critical | Type: vulnerability | Tags: security | Date: Jul 26, 2024 | ID: CVE-2024-41112

streamlit-geospatial is a Streamlit app (a Python framework for building data apps) for geospatial applications that had a vulnerability where user input for a palette variable was passed directly into the eval() function (a dangerous function that executes code), allowing attackers to run arbitrary code on the server. The vulnerability was fixed in commit c4f81d9616d40c60584e36abb15300853a66e489.

Fix: Update to commit c4f81d9616d40c60584e36abb15300853a66e489 or later, which fixes the issue by removing the unsafe use of eval() with user input.

Source: NVD/CVE Database

CVE-2024-41815: Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable
Severity: high | Type: vulnerability | Tags: security | Date: Jul 26, 2024 | ID: CVE-2024-41815

Starship is a cross-shell prompt (a tool that customizes how your terminal looks and behaves across different shells). From version 1.0.0 through 1.19.x, the tool had unclear rules for shell expansion and quoting (how special characters are interpreted), making it easy to accidentally create shell injection vulnerabilities (where untrusted input is executed as commands) when using custom commands in bash. This mainly affects users who have set up custom commands in Starship.

Fix: Upgrade to version 1.20.0, which fixes the vulnerability.

Source: NVD/CVE Database

CVE-2024-41806: The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information
Severity: medium | Type: vulnerability | Tags: security | Date: Jul 25, 2024 | ID: CVE-2024-41806

Open edX is a learning management platform (software that manages courses and students) where instructors upload CSV files (spreadsheet files with student data) to create student groups called cohorts. In certain versions, these uploaded files could become publicly accessible on AWS S3 buckets (cloud storage), exposing sensitive learner information to anyone on the internet.

Fix: The patch in commit cb729a3ced0404736dfa0ae768526c82b608657b ensures that cohorts data uploaded to AWS S3 buckets is written with a private ACL (access control list, which controls who can view files). Beyond patching, deployers should also ensure that existing cohorts uploads have a private ACL, or that other precautions are taken to avoid public access.

Source: NVD/CVE Database

Google Colab AI: Data Leakage Through Image Rendering Fixed. Some Risks Remain.
Severity: medium | Type: news | Tags: security, privacy | Date: Jul 25, 2024

Google Colab AI (now called Gemini in Colab) had a vulnerability where data could leak through image rendering, discovered in November 2023. The system prompt (hidden instructions that control how an AI behaves) specifically warned the AI not to render images, suggesting this was a known risk that Google tried to prevent.

Source: Embrace The Red

Breaking Instruction Hierarchy in OpenAI's gpt-4o-mini
Severity: medium | Type: news | Tags: security, safety | Date: Jul 22, 2024

OpenAI released gpt-4o-mini with safety improvements aimed at strengthening 'instruction hierarchy,' which is supposed to prevent users from tricking the AI into ignoring its built-in rules through commands like 'ignore all previous instructions.' However, researchers have already demonstrated bypasses of this protection, and analysis shows that system instructions (the AI's core rules) still cannot be fully trusted as a security boundary (a hard limit that stops attackers).

Source: Embrace The Red

CVE-2024-5973: The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor
Severity: high | Type: vulnerability | Tags: security | Date: Jul 22, 2024 | ID: CVE-2024-5973

The MasterStudy LMS WordPress Plugin (a learning management system add-on for WordPress) before version 3.3.24 has a security flaw where students can create instructor accounts, giving them access to features they shouldn't be able to use. This vulnerability allows unauthorized privilege escalation (gaining higher-level permissions than intended).

Fix: Update the MasterStudy LMS WordPress Plugin to version 3.3.24 or later.

Source: NVD/CVE Database

CVE-2024-6960: The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. Th
Severity: high | Type: vulnerability | Tags: security | Date: Jul 21, 2024 | ID: CVE-2024-6960

CVE-2024-6960 is a vulnerability in the H2O machine learning platform where the Iced format (a system for moving Java objects across a computer cluster) allows deserialization of any Java class without restrictions. An attacker can create a malicious model using Java gadgets (pre-built code snippets that can be chained together for attacks) that executes arbitrary code when imported into H2O.

Source: NVD/CVE Database

CVE-2024-35199: TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions
Severity: high | Type: vulnerability | Tags: security | Date: Jul 19, 2024 | ID: CVE-2024-35199

TorchServe (a tool for running PyTorch machine learning models in production) has a security flaw where two communication ports, 7070 and 7071, are exposed to all network interfaces instead of being restricted to localhost (the local machine only). This means anyone on a network could potentially access these ports. The vulnerability has been fixed and is available in TorchServe version 0.11.0.

Fix: Upgrade to TorchServe release 0.11.0, which includes the fix for this vulnerability. The fix was implemented in pull request #3083.

Source: NVD/CVE Database

Page 113 of 166