All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
CVE-2024-7776 is a vulnerability in the ONNX framework (a tool for machine learning models) version 1.16.1 and earlier, where the `download_model` function fails to properly block path traversal attacks (a technique where attackers use special file path sequences to access files outside the intended directory). An attacker could exploit this to overwrite files on a user's system, potentially leading to remote code execution (running malicious commands on the victim's computer).
MLflow version v2.13.2 has a vulnerability that allows someone to create or rename an experiment with an extremely long name containing many numbers, which causes the MLflow UI (user interface panel) to stop responding, creating a denial of service (when a system becomes unusable). The problem exists because there are no limits on how long experiment names or the artifact_location parameter can be.
CVE-2024-6577 is a vulnerability in PyTorch Serve where a script called 'upload_results_to_s3.sh' references an Amazon S3 bucket (a cloud storage service) without verifying that the script's creators actually own or control it, potentially allowing unauthorized access to sensitive data stored in that bucket.
Dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability, which is a weakness where an attacker tricks a server into making requests to unintended targets. Through the 'Create Custom Tool' REST API endpoint, attackers can manipulate the URL parameter to make the victim's server access unauthorized web resources using the server's own credentials.
A ReDoS (regular expression denial of service, where a poorly designed search pattern can be exploited to consume excessive computer processing power) vulnerability was found in the huggingface/transformers library version 4.46.3, specifically in code that processes text tokens. An attacker could send specially crafted input that causes the regex to work inefficiently, using up all the CPU and crashing the application.
A vulnerability in the LangChainLLM class (a component for running language models in the llama_index library) version v0.12.5 allows attackers to cause a Denial of Service (DoS, where a system becomes unresponsive). If a thread (a lightweight process running code in parallel) terminates unexpectedly before executing the language model prediction, the code lacks error handling and enters an infinite loop (code that never stops repeating), which can be triggered by providing incorrectly typed input.
A flaw in the Gradio application (version git 67e4044) on Windows allows attackers to bypass security protections and read files that should be blocked. The vulnerability exploits NTFS Alternate Data Streams (ADS, a Windows feature that lets files have hidden data attached to them) by using special syntax like 'C:/tmp/secret.txt::$DATA' to access blocked files that would normally be restricted.
CVE-2024-12065 is a local file inclusion vulnerability (a flaw that lets attackers read files they shouldn't have access to) in the LLaVA project at a specific code version. An attacker can request multiple crafted messages to a server and access any file on the system because the gradio web UI component (the interface users interact with) doesn't properly check user inputs for malicious content.
CVE-2024-12055 is a vulnerability in Ollama versions 0.3.14 and earlier that allows an attacker to upload a malicious gguf model file (a type of AI model format), which causes the server to crash when processing it. This is a Denial of Service attack (making a service unavailable), and the underlying issue is an out-of-bounds read (attempting to access memory locations that are outside the intended range) in the gguf.go file.
vllm version v0.6.2 has a vulnerability in its MessageQueue.dequeue() function that uses pickle.loads (a Python method that reconstructs objects from serialized data) to process data directly from network sockets without validation. An attacker can send a malicious serialized payload that causes RCE (remote code execution, where an attacker runs commands on a target system), allowing them to execute arbitrary code on a victim's machine.
CVE-2024-11037 is a path traversal vulnerability (a flaw where an attacker bypasses restrictions to access files outside the intended directory) in the gpt_academic project that allows attackers to read the config.py file containing sensitive data like OpenAI API keys by accessing a specific URL with an absolute file path, and it affects Windows systems.
Version 3.83 of gpt_academic contains an SSRF vulnerability (server-side request forgery, where an attacker tricks a server into making unwanted requests to other systems) in the Markdown_Translate.get_files_from_everything() API. The HotReload plugin only checks if links start with 'http', allowing attackers to download files from arbitrary web hosts using the server's credentials.
GPT Academic version 3.83 has a Server-Side Request Forgery (SSRF) vulnerability, which is a flaw where an attacker tricks the server into making web requests on their behalf, in its HotReload plugin. The vulnerability exists because the plugin calls an API function without checking the input for malicious content, allowing attackers to misuse the web server's access to reach unauthorized resources.
A vulnerability in langchain-core (a library used to build AI applications) versions 0.1.17-0.1.52, 0.2.0-0.2.42, and 0.3.0-0.3.14 allows attackers to read any file from a server's hard drive by manipulating prompt templates (pre-written instruction formats for AI models). If the AI then shows these file contents to users, sensitive information like passwords or private data could be exposed.
CVE-2024-10707 is a local file inclusion vulnerability (a security flaw where an attacker can read files they shouldn't access) in chuanhuchatgpt version git d4ec6a3. The vulnerability exists because the software uses a component called gr.JSON from gradio that has a known security issue, allowing unauthenticated users to upload specially crafted JSON files and read arbitrary files on the server due to improper input validation.
ChuanhuChatGPT version 20240918 has an unauthenticated Denial of Service vulnerability (DoS, a type of attack that makes a service unavailable) that can be triggered by sending specially formatted data with multipart boundaries or grouped characters. Even though a previous patch was applied, attackers can still exploit this by sending data in lines of 10 characters repeatedly, causing the system to get stuck processing and become unavailable.
CVE-2024-10648 is a path traversal vulnerability (a flaw where an attacker manipulates file paths to access unintended files) in Gradio's Audio component that lets attackers control audio file formats and delete file contents, potentially causing a denial of service (a situation where a system becomes unavailable to legitimate users). By changing the output format, an attacker can empty any file on the server.
A ReDoS (regular expression denial of service, where specially crafted text causes a regex pattern to take extremely long to process) vulnerability exists in Gradio's datetime component. An attacker can send a malicious input that makes the vulnerable regex pattern consume all of a server's CPU resources, causing the Gradio application to become unresponsive.
CVE-2024-10569 is a vulnerability in Gradio's dataframe component that allows a zip bomb attack (a compressed file designed to crash systems when decompressed). An attacker can upload a malicious compressed file, which the component processes using pd.read_csv (a function that reads spreadsheet data), causing the server to crash and become unavailable.
CVE-2024-10188 is a vulnerability in BerriAI/litellm that allows unauthenticated users to crash the litellm Python server by exploiting unsafe input parsing. The vulnerability exists because the code uses ast.literal_eval (a Python function that evaluates code, which is not safe for untrusted input) to process user-supplied data, making it vulnerable to DoS (denial of service, where attackers make a service unavailable) attacks.
Fix: Update langchain-core to version 0.1.53 or later, 0.2.43 or later, or 0.3.15 or later.
NVD/CVE Database