All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
CVE-2024-47868 is a data validation vulnerability (a flaw in how input data is checked) in Gradio, an open-source Python package for building AI demos. Attackers can exploit certain Gradio components by sending specially crafted requests that bypass input checks, allowing them to read and download sensitive files from a server that shouldn't be accessible. This risk is especially high for components that handle file data, like DownloadButton, Audio, ImageEditor, Chatbot, and others.
Fix: This issue has been resolved in gradio>5.0. Upgrading to the latest version will mitigate this vulnerability. There are no known workarounds for this vulnerability.
NVD/CVE DatabaseGradio, an open-source Python package for prototyping, has a vulnerability where it downloads an FRP client (a tool for secure data tunneling) without checking if the file has been tampered with. An attacker who controls the download server could replace the legitimate FRP client with malicious code, and Gradio wouldn't detect this because it doesn't verify the file's checksum (a unique fingerprint) or signature (a digital seal of authenticity).
Gradio, an open-source Python package for building AI interfaces quickly, has a vulnerability where the enable_monitoring flag doesn't actually disable monitoring as intended. Even when a developer sets enable_monitoring=False to turn off monitoring, an attacker can still access sensitive analytics by directly requesting the /monitoring endpoint (a specific web address). This puts applications at risk of exposing data that was supposed to be hidden.
Gradio, an open-source Python package for building AI demos, has a vulnerability called SSRF (server-side request forgery, where an attacker tricks a server into making requests to URLs the attacker chooses) in its `/queue/join` endpoint. Attackers can exploit this to force the Gradio server to request internal or local network addresses, potentially stealing data or uploading malicious files, especially affecting applications using the Video component. Users should upgrade to Gradio version 5 or later to fix this issue.
Gradio, an open-source Python package for building quick demos, has a vulnerability called path traversal (a method where attackers manipulate file paths to access files outside their intended directory) in its `/custom_component` endpoint. Attackers can exploit this to read and leak source code from custom Gradio components, potentially exposing sensitive code that developers wanted to keep private, particularly affecting those hosting custom components on public servers.
Gradio, an open-source Python package for building AI demos, has a vulnerability where it incorrectly accepts requests from sources with a null origin (a security boundary used by web browsers). This happens because the `localhost_aliases` variable includes "null" as a valid CORS origin (cross-origin resource sharing, which controls what websites can access a server). Attackers could exploit this to steal sensitive data like login tokens or uploaded files from local Gradio deployments.
Gradio, an open-source Python package for building AI demos, has a vulnerability in its directory traversal check function that can be bypassed using special file path sequences (like `..` which means "go up one folder"). This could allow attackers to access files they shouldn't be able to reach, especially when uploading files, though exploiting it is difficult.
Gradio, an open-source Python package for prototyping, has a vulnerability in CORS origin validation (the security check that verifies requests come from trusted websites). When a cookie is present, the server fails to validate the request's origin, allowing attackers to trick users into making unauthorized requests to their local Gradio server, potentially stealing files, authentication tokens, or user data.
Taipy, an open-source Python library for building data applications, has a security flaw where session cookies are served without the Secure and HTTPOnly flags (security markers that prevent browsers from sending cookies over unencrypted connections and protect cookies from being accessed by JavaScript code). This vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 6.3, indicating medium severity.
CVE-2024-43610 is a vulnerability in Microsoft Copilot Studio that allows an unauthenticated attacker to view sensitive information through a network attack. The vulnerability has a CVSS 4.0 severity rating (a 0-10 scale measuring how serious a security flaw is), meaning it poses a moderate risk to affected systems.
CVE-2024-9333 is a permissions bypass vulnerability in M-Files Connector for Copilot (a tool that integrates M-Files document management with AI assistants) that allows authenticated users (people who have already logged in) to access documents they shouldn't be able to see due to incorrect access control list calculations. The vulnerability has a CVSS score of 5.3 (a 0-10 rating of how severe a vulnerability is), which is rated as medium severity.
CVE-2024-0116 is a vulnerability in NVIDIA Triton Inference Server that allows a user to trigger an out-of-bounds read (accessing memory outside the intended range) by releasing a shared memory region while another part of the program is still using it. A successful attack could cause a denial of service (making the service unavailable), though the severity rating has not yet been officially assigned.
Langflow up to version 1.0.18 contains a vulnerability in its HTTP POST Request Handler that causes inefficient regular expression complexity (ReDoS, a type of denial-of-service attack where maliciously crafted input makes pattern-matching code run very slowly) when processing the 'remaining_text' argument. The vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 5.1 (medium severity) and has been publicly disclosed, though the vendor did not respond to early notification.
A WordPress plugin called 'AI ChatBot with ChatGPT and Content Generator by AYS' versions before 2.1.0 has a vulnerability where it exposes the OpenAI API key (a secret credential used to access OpenAI's services) in cleartext (unencrypted, readable form), allowing anyone without authentication (login access) to steal it. This vulnerability is tracked as CVE-2024-7713 and was reported on September 27, 2024.
CVE-2024-4099 is a vulnerability in GitLab EE (a Git repository management tool) affecting versions 16.0-17.2.7, 17.3-17.3.3, and 17.4-17.4.0 where an AI feature failed to clean up unsanitized input, potentially allowing attackers to perform prompt injection (tricking the AI by hiding instructions in its input). The vulnerability has a CVSS score (a 0-10 severity rating) of 4.0, indicating low to moderate severity.
Monica AI Assistant desktop application v2.3.0 has a vulnerability where attackers can use prompt injection (tricking an AI by hiding instructions in its input) with a specially crafted image to steal sensitive chat data from the current session and send it to an attacker-controlled server. This flaw allows unauthorized people to access private information from users' conversations.
CVE-2024-40442 is a privilege escalation vulnerability (a security flaw where an attacker gains higher access levels than they should have) in Doccano v.1.8.4 and its Auto Labeling Pipeline module v.0.1.23. A remote attacker can exploit this weakness by sending a specially crafted REST request (a malicious command sent over the web), which involves improper code injection (inserting malicious code into the system).
CVE-2024-40441 is a privilege escalation vulnerability (a bug that lets attackers gain higher-level access than they should have) in Doccano v.1.8.4, an open source tool for labeling data to train machine learning models, and its Auto Labeling Pipeline module v.0.1.23. A remote attacker can exploit this by manipulating the model_attribs parameter to escalate their privileges.
Fix: There is no direct workaround without upgrading. Users can manually validate the integrity of the downloaded FRP client by implementing checksum or signature verification in their own environment to ensure the binary hasn't been tampered with.
NVD/CVE DatabaseFix: Users are advised to upgrade to gradio>=4.44 to address this issue.
NVD/CVE DatabaseFix: Upgrade to `gradio>=5`. As a workaround, disable or heavily restrict URL-based inputs to trusted domains only, implement allowlist-based URL validation (where only pre-approved URLs are accepted), and ensure that local or internal network addresses cannot be requested via the `/queue/join` endpoint.
NVD/CVE DatabaseFix: Users should upgrade to `gradio>=4.44`. As a workaround, developers can sanitize file paths and ensure that components are not stored in publicly accessible directories.
NVD/CVE DatabaseFix: Users are advised to upgrade to gradio>=5.0. As a workaround, users can manually modify the `localhost_aliases` list in their local Gradio deployment to exclude "null" as a valid origin, which will prevent the Gradio server from accepting requests from sandboxed iframes or sources with a null origin.
NVD/CVE DatabaseFix: Upgrade to `gradio>=5.0` to address this issue. As a workaround, manually sanitize and normalize file paths in your Gradio deployment before passing them to the `is_in_or_equal` function, ensuring all file paths are properly resolved as absolute paths (complete paths starting from the root) to mitigate the bypass vulnerabilities.
NVD/CVE DatabaseFix: Users should upgrade to gradio>4.44. Alternatively, as a workaround, users can manually modify the CustomCORSMiddleware class in their local Gradio server code to bypass the condition that skips CORS validation for requests containing cookies.
NVD/CVE DatabaseFix: Upgrade to Taipy release version 4.0.0 or later. According to the source, 'This issue has been addressed in release version 4.0.0 and all users are advised to upgrade.' There are no known workarounds available.
NVD/CVE DatabaseFix: Update M-Files Connector for Copilot to version 24.9.3 or later.
NVD/CVE DatabaseA WordPress plugin called 'AI ChatBot with ChatGPT and Content Generator by AYS' (versions before 2.1.0) has a security flaw where it doesn't properly check who is allowed to perform certain actions. This means someone without a user account can disconnect the plugin from OpenAI (the AI service it relies on), effectively breaking the chatbot. The vulnerable actions include connecting, disconnecting, and saving feedback.
Fix: Update the plugin to version 2.1.0 or later.
NVD/CVE DatabaseThe Chatbot with ChatGPT WordPress plugin before version 2.4.6 has a missing authorization flaw in one of its REST endpoints (a web interface for accessing the plugin's functions), which allows unauthenticated users (anyone without login credentials) to retrieve and decode an OpenAI API key (a secret credential that grants access to OpenAI's services). This vulnerability exposes the API key to attackers.
Fix: Update the Chatbot with ChatGPT WordPress plugin to version 2.4.6 or later.
NVD/CVE Database