aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

3312 items

CVE-2024-37902: DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not pre

critical | vulnerability | security
Jun 17, 2024
CVE-2024-37902

DeepJavaLibrary (DJL), a framework for building deep learning applications in Java, has a path traversal vulnerability (CWE-22, a flaw where an attacker can access files outside intended directories) in versions 0.1.0 through 0.27.0. Because archive entries with absolute paths are extracted to those paths, an attacker who supplies a crafted archive can overwrite system files.

Fix: Upgrade to DJL version 0.28.0 or patch to DJL Large Model Inference containers version 0.27.0.

Source: NVD/CVE Database

CVE-2024-38459: langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an o

high | vulnerability | security
Jun 16, 2024
CVE-2024-38459

A security vulnerability in LangChain Experimental (a Python library for building AI applications) before version 0.0.61 allows users to access a Python REPL (read-eval-print loop, an interactive environment where code can be run directly) without requiring explicit permission. This issue exists because a previous attempt to fix a related vulnerability (CVE-2024-27444) was incomplete.

Fix: Update langchain_experimental to version 0.0.61 or later. A patch is available in the commit ce0b0f22a175139df8f41cdcfb4d2af411112009, and the version comparison between 0.0.60 and 0.0.61 shows the fix.

Source: NVD/CVE Database

GitHub Copilot Chat: From Prompt Injection to Data Exfiltration

high | news | security
Jun 15, 2024

GitHub Copilot Chat, a VS Code extension that lets users ask questions about their code by sending it to an AI model, was vulnerable to prompt injection (tricking an AI by hiding instructions in its input) attacks. When analyzing untrusted source code, attackers could embed malicious instructions in the code itself, which would be sent to the AI and potentially lead to data exfiltration (unauthorized copying of sensitive information).

Source: Embrace The Red

CVE-2024-0103: NVIDIA Triton Inference Server for Linux contains a vulnerability where a user may cause an incorrect Initialization of

medium | vulnerability | security
Jun 13, 2024
CVE-2024-0103

CVE-2024-0103 is a vulnerability in NVIDIA Triton Inference Server for Linux where incorrect initialization of resources caused by network issues could allow a user to disclose sensitive information. The vulnerability has a CVSS 4.0 severity rating, which measures the seriousness of security flaws on a scale of 0-10.

Source: NVD/CVE Database

CVE-2024-0095: NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and ex

critical | vulnerability | security
Jun 13, 2024
CVE-2024-0095

CVE-2024-0095 is a vulnerability in NVIDIA Triton Inference Server (software that runs AI models) for Linux and Windows that allows users to inject fake log entries and commands, potentially leading to code execution (running unauthorized programs), denial of service (making the system unavailable), privilege escalation (gaining higher access rights), information disclosure (exposing sensitive data), and data tampering (modifying information). The vulnerability stems from improper neutralization of log output, meaning the system doesn't properly sanitize user input before adding it to logs.

Source: NVD/CVE Database

CVE-2024-37014: Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_compo

critical | vulnerability | security
Jun 10, 2024
CVE-2024-37014

Langflow versions up to 0.6.19 have a vulnerability that allows remote code execution (RCE, where attackers can run commands on a system they don't own) if untrusted users can access a specific API endpoint called POST /api/v1/custom_component and submit Python code through it. The vulnerability stems from code injection (CWE-94, where malicious code is inserted into a program), which happens because the application does not properly control how user-provided Python scripts are executed.

Source: NVD/CVE Database

Why work at the EU AI Office?

info | regulatory | policy
Jun 7, 2024

This article describes the EU AI Office, a newly established regulatory organization within the European Commission tasked with enforcing the AI Act (the world's first comprehensive binding AI regulation) across the European Union. Unlike AI safety institutes in other countries, the EU AI Office has actual enforcement powers to require AI model providers to fix problems or remove non-compliant models from the market. The office will conduct model evaluations, investigate violations, and work with international partners to shape global AI governance standards.

Source: EU AI Act Updates

CVE-2024-5438: The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Refere

medium | vulnerability | security
Jun 7, 2024
CVE-2024-5438

The Tutor LMS plugin for WordPress (versions up to 2.7.1) has a security flaw called IDOR (insecure direct object reference, where attackers can access resources they shouldn't by manipulating object identifiers) in the 'attempt_delete' function. Instructors and higher-level users can exploit this missing validation to delete any quiz attempts, even those belonging to other users.

Source: NVD/CVE Database

CVE-2024-5206: A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to

medium | vulnerability | security, privacy
Jun 6, 2024
CVE-2024-5206

A vulnerability in scikit-learn's TfidfVectorizer (a tool that converts text into numerical data for machine learning) stored all words from training data in an attribute called `stop_words_`, instead of just the necessary ones, potentially leaking sensitive information like passwords or keys. The vulnerability affected versions up to 1.4.1.post1, but the risk depends on what type of data is being processed.

Fix: Fixed in version 1.5.0.

Source: NVD/CVE Database

CVE-2024-5187: A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, allows for a

high | vulnerability | security
Jun 6, 2024
CVE-2024-5187

A vulnerability in the ONNX framework (version 1.16.0) allows attackers to overwrite any file on a system by uploading a malicious tar file (a compressed archive format) with specially crafted paths. Because the vulnerable function doesn't check whether file paths are safe before extracting the tar file, attackers could potentially execute malicious code, delete important files, or compromise system security.

Source: NVD/CVE Database

CVE-2024-4888: BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on t

high | vulnerability | security
Jun 6, 2024
CVE-2024-4888

BerriAI's litellm has a vulnerability (CVE-2024-4888) where the `/audio/transcriptions` endpoint improperly validates user input, allowing attackers to delete arbitrary files on the server without authorization. The flaw occurs because the code uses `os.remove()` (a function that deletes files) directly on user-supplied file paths, potentially exposing sensitive files like SSH keys or databases.

Source: NVD/CVE Database

CVE-2024-3234: The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio

critical | vulnerability | security
Jun 6, 2024
CVE-2024-3234 | EPSS: 67.6%

The gaizhenbiao/chuanhuchatgpt application has a path traversal vulnerability (a flaw that lets attackers access files outside their allowed directory) because it uses an outdated version of gradio (a library for building AI interfaces). This vulnerability allows attackers to bypass security restrictions and read sensitive files like `config.json` that contain API keys (secret credentials for accessing services).

Fix: A fixed version of chuanhuchatgpt was released on 20240305 (March 5, 2024). Users should upgrade to this version or later to resolve the vulnerability.

Source: NVD/CVE Database

CVE-2024-3099: A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploit

medium | vulnerability | security
Jun 6, 2024
CVE-2024-3099

MLflow version 2.11.1 has a vulnerability where attackers can create multiple models with the same name by using URL encoding (a technique that converts special characters into a format safe for web addresses). This allows attackers to cause denial of service (making a service unavailable) or data poisoning (inserting corrupted or malicious data), where an authenticated user might accidentally use a fake model instead of the real one because the system treats URL-encoded and regular names as different.

Source: NVD/CVE Database

CVE-2024-3095: A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langch

high | vulnerability | security
Jun 6, 2024
CVE-2024-3095

A Server-Side Request Forgery vulnerability (SSRF, a flaw that lets attackers trick a server into making requests to unintended targets) exists in langchain version 0.1.5's Web Research Retriever component, which fails to block requests to local network addresses. This allows attackers to scan ports, access local services, read cloud metadata, and potentially execute arbitrary code (run commands on a system they don't own) by exploiting internal APIs.

Source: NVD/CVE Database

CVE-2024-2928: A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fix

high | vulnerability | security
Jun 6, 2024
CVE-2024-2928 | EPSS: 91.6%

A Local File Inclusion vulnerability (LFI, a flaw that lets attackers read files they shouldn't access) was found in MLflow version 2.9.2. The bug exists because the application doesn't properly check the fragment part of web addresses (the section after the '#' symbol) for directory traversal sequences like '../', which allow attackers to navigate folders and read sensitive files like system password files.

Fix: The vulnerability was fixed in version 2.11.3.

Source: NVD/CVE Database

CVE-2024-0520: A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of specia

high | vulnerability | security
Jun 6, 2024
CVE-2024-0520

MLflow version 8.2.1 has a command injection vulnerability (a flaw where attackers can execute arbitrary commands by inserting malicious code into a system command) in its HTTP dataset loading function. When loading datasets, the software doesn't properly sanitize filenames derived from URLs, allowing attackers to write files anywhere on the system and potentially run harmful commands.

Fix: The issue is fixed in version 2.9.0.

Source: NVD/CVE Database

CVE-2024-5452: A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to im

critical | vulnerability | security
Jun 6, 2024
CVE-2024-5452 | EPSS: 56.7%

PyTorch Lightning version 2.2.1 has a critical vulnerability where attackers can execute arbitrary code on self-hosted applications by crafting malicious serialized data (deepdiff.Delta objects, which are used to represent changes to data). The vulnerability exists because the application doesn't properly block access to dunder attributes (special Python attributes starting with double underscores), allowing attackers to bypass security restrictions and modify the application's state.

Source: NVD/CVE Database

CVE-2024-4941: A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability a

high | vulnerability | security
Jun 6, 2024
CVE-2024-4941

Gradio version 4.25 has a local file inclusion vulnerability (a security flaw where attackers can read files they shouldn't access) in its JSON component. The problem occurs because the `postprocess()` function doesn't properly validate user input before parsing it as JSON, and if the JSON contains a `path` key, the system automatically moves that file to a temporary directory where attackers can retrieve it using the `/file=..` endpoint.

Source: NVD/CVE Database

CVE-2024-4325: A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within t

high | vulnerability | security
Jun 6, 2024
CVE-2024-4325 | EPSS: 65.1%

A Server-Side Request Forgery vulnerability (SSRF, where a server can be tricked into making requests to unintended locations) exists in Gradio version 4.21.0 in the `/queue/join` endpoint and `save_url_to_cache` function. The vulnerability occurs because user-supplied URL input is not properly validated before being used to make HTTP requests, allowing attackers to access internal networks or sensitive cloud server information.

Source: NVD/CVE Database

CVE-2024-5184: The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious

medium | vulnerability | security
Jun 5, 2024
CVE-2024-5184

EmailGPT has a prompt injection vulnerability (a technique where attackers hide malicious instructions in their input to trick the AI) that allows anyone with access to the service to manipulate it into leaking its internal system prompts or executing unintended commands. Attackers can exploit this by submitting specially crafted requests that trick the service into providing harmful information or performing actions it wasn't designed to do.

Source: NVD/CVE Database