All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Gradio, an open-source Python package for prototyping, has a vulnerability in CORS origin validation (the security check that verifies requests come from trusted websites). When a cookie is present, the server fails to validate the request's origin, allowing attackers to trick users into making unauthorized requests to their local Gradio server, potentially stealing files, authentication tokens, or user data.
Fix: Users should upgrade to gradio>4.44. Alternatively, as a workaround, users can manually modify the CustomCORSMiddleware class in their local Gradio server code to bypass the condition that skips CORS validation for requests containing cookies.
NVD/CVE DatabaseTaipy, an open-source Python library for building data applications, has a security flaw where session cookies are served without the Secure and HTTPOnly flags (security markers that prevent browsers from sending cookies over unencrypted connections and protect cookies from being accessed by JavaScript code). This vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 6.3, indicating medium severity.
CVE-2024-43610 is a vulnerability in Microsoft Copilot Studio that allows an unauthenticated attacker to view sensitive information through a network attack. The vulnerability has a CVSS 4.0 severity rating (a 0-10 scale measuring how serious a security flaw is), meaning it poses a moderate risk to affected systems.
CVE-2024-9333 is a permissions bypass vulnerability in M-Files Connector for Copilot (a tool that integrates M-Files document management with AI assistants) that allows authenticated users (people who have already logged in) to access documents they shouldn't be able to see due to incorrect access control list calculations. The vulnerability has a CVSS score of 5.3 (a 0-10 rating of how severe a vulnerability is), which is rated as medium severity.
CVE-2024-0116 is a vulnerability in NVIDIA Triton Inference Server that allows a user to trigger an out-of-bounds read (accessing memory outside the intended range) by releasing a shared memory region while another part of the program is still using it. A successful attack could cause a denial of service (making the service unavailable), though the severity rating has not yet been officially assigned.
Langflow up to version 1.0.18 contains a vulnerability in its HTTP POST Request Handler that causes inefficient regular expression complexity (ReDoS, a type of denial-of-service attack where maliciously crafted input makes pattern-matching code run very slowly) when processing the 'remaining_text' argument. The vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 5.1 (medium severity) and has been publicly disclosed, though the vendor did not respond to early notification.
A WordPress plugin called 'AI ChatBot with ChatGPT and Content Generator by AYS' versions before 2.1.0 has a vulnerability where it exposes the OpenAI API key (a secret credential used to access OpenAI's services) in cleartext (unencrypted, readable form), allowing anyone without authentication (login access) to steal it. This vulnerability is tracked as CVE-2024-7713 and was reported on September 27, 2024.
CVE-2024-4099 is a vulnerability in GitLab EE (a Git repository management tool) affecting versions 16.0-17.2.7, 17.3-17.3.3, and 17.4-17.4.0 where an AI feature failed to clean up unsanitized input, potentially allowing attackers to perform prompt injection (tricking the AI by hiding instructions in its input). The vulnerability has a CVSS score (a 0-10 severity rating) of 4.0, indicating low to moderate severity.
Monica AI Assistant desktop application v2.3.0 has a vulnerability where attackers can use prompt injection (tricking an AI by hiding instructions in its input) with a specially crafted image to steal sensitive chat data from the current session and send it to an attacker-controlled server. This flaw allows unauthorized people to access private information from users' conversations.
CVE-2024-40442 is a privilege escalation vulnerability (a security flaw where an attacker gains higher access levels than they should have) in Doccano v.1.8.4 and its Auto Labeling Pipeline module v.0.1.23. A remote attacker can exploit this weakness by sending a specially crafted REST request (a malicious command sent over the web), which involves improper code injection (inserting malicious code into the system).
CVE-2024-40441 is a privilege escalation vulnerability (a bug that lets attackers gain higher-level access than they should have) in Doccano v.1.8.4, an open source tool for labeling data to train machine learning models, and its Auto Labeling Pipeline module v.0.1.23. A remote attacker can exploit this by manipulating the model_attribs parameter to escalate their privileges.
LangChain Experimental versions 0.1.17 through 0.3.0 contain a vulnerability that allows attackers to execute arbitrary code (run malicious commands on a system) through a component called LLMSymbolicMathChain, which uses sympy.sympify (a function that evaluates mathematical expressions in an unsafe way). The root cause is improper input validation (failing to check that user input is safe before processing it).
A vulnerability in the ilab model serve component allows attackers to cause a Denial of Service (DoS, where a service becomes unavailable to legitimate users) by sending a large value for the best_of parameter to the vllm JSON web API (a web interface for accessing an LLM). The API doesn't properly manage timeouts or resource limits, so an attacker can exhaust system resources and crash the service.
CVE-2024-8768 is a bug in vLLM (a library for running large language models) where sending an API request with an empty prompt crashes the server, causing a denial of service (making the service unavailable to users). The flaw is classified as a reachable assertion vulnerability, meaning the code hits an unexpected condition it wasn't designed to handle.
A vulnerability in langchain's FAISS.deserialize_from_bytes function allows deserialization of untrusted data using pickle (a Python library that converts data into a format that can be stored or transmitted), which can lead to arbitrary command execution through the os.system function. This affects the latest version of the product and is classified as CWE-502 (deserialization of untrusted data).
The Triton Lite WordPress theme has a stored cross-site scripting vulnerability (XSS, where attackers inject malicious scripts that run when others view a page) in its Button shortcode's 'url' attribute, affecting all versions up to 1.3. Users with Contributor-level access or higher can inject arbitrary scripts that execute whenever someone visits an affected page due to insufficient input sanitization (cleaning of user input) and output escaping (converting special characters to prevent code execution).
Fix: Upgrade to Taipy release version 4.0.0 or later. According to the source, 'This issue has been addressed in release version 4.0.0 and all users are advised to upgrade.' There are no known workarounds available.
NVD/CVE DatabaseFix: Update M-Files Connector for Copilot to version 24.9.3 or later.
NVD/CVE DatabaseA WordPress plugin called 'AI ChatBot with ChatGPT and Content Generator by AYS' (versions before 2.1.0) has a security flaw where it doesn't properly check who is allowed to perform certain actions. This means someone without a user account can disconnect the plugin from OpenAI (the AI service it relies on), effectively breaking the chatbot. The vulnerable actions include connecting, disconnecting, and saving feedback.
Fix: Update the plugin to version 2.1.0 or later.
NVD/CVE DatabaseThe Chatbot with ChatGPT WordPress plugin before version 2.4.6 has a missing authorization flaw in one of its REST endpoints (a web interface for accessing the plugin's functions), which allows unauthenticated users (anyone without login credentials) to retrieve and decode an OpenAI API key (a secret credential that grants access to OpenAI's services). This vulnerability exposes the API key to attackers.
Fix: Update the Chatbot with ChatGPT WordPress plugin to version 2.4.6 or later.
NVD/CVE DatabaseAttackers can inject spyware into ChatGPT's memory (a feature that stores information across chat sessions) through prompt injection (tricking an AI by hiding instructions in its input) on untrusted websites, allowing them to continuously steal everything a user types in future conversations. The vulnerability exploits a weakness where a security check called url_safe was performed only on the user's device rather than on OpenAI's servers, and becomes more dangerous when combined with the Memory feature that persists attacker-controlled instructions. OpenAI released a fix for the macOS app, and users should update to the latest version.
Fix: OpenAI released a fix for the macOS app last week. Ensure your app is updated to the latest version.
Embrace The RedFix: A patch is available at https://github.com/langchain-ai/langchain/commit/604dfe2d99246b0c09f047c604f0c63eafba31e7
NVD/CVE DatabaseCVE-2024-6587 is a server-side request forgery vulnerability (SSRF, a flaw that tricks a server into making requests to unintended locations) in litellm version 1.38.10 that lets users control where the application sends requests by setting the `api_base` parameter, potentially allowing attackers to intercept sensitive OpenAI API keys. A malicious user could redirect requests to their own domain and steal the API key, gaining unauthorized access to the OpenAI service.
Fix: A patch is available at https://github.com/berriai/litellm/commit/ba1912afd1b19e38d3704bb156adf887f91ae1e0
NVD/CVE Database