aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6561 items

CVE-2023-6753: Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.

highvulnerability
security
Dec 13, 2023
CVE-2023-6753

CVE-2023-6753 is a path traversal vulnerability (a security flaw where an attacker can access files outside the intended directory by using special path characters) found in MLflow versions before 2.9.2. The vulnerability allows unauthorized access to restricted files on a system running the affected software.

Fix: Update MLflow to version 2.9.2 or later. A patch is available at https://github.com/mlflow/mlflow/commit/1c6309f884798fbf56017a3cc808016869ee8de4.

NVD/CVE Database

Malicious ChatGPT Agents: How GPTs Can Quietly Grab Your Data (Demo)

highnews
securitysafety

CVE-2023-35625: Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability

mediumvulnerability
security
Dec 12, 2023
CVE-2023-35625

CVE-2023-35625 is a vulnerability in Azure Machine Learning Compute Instance that allows unauthorized users to access sensitive information through the SDK (software development kit, a collection of tools for building applications). The vulnerability is classified as an information disclosure issue, meaning private data could be exposed to people who shouldn't see it.

CVE-2023-6709: Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.

highvulnerability
security
Dec 12, 2023
CVE-2023-6709

CVE-2023-6709 is a vulnerability in MLflow (a machine learning tool) versions before 2.9.2 involving improper neutralization of special elements in a template engine (a system that generates text by filling in placeholders in templates). This weakness could potentially allow attackers to manipulate how the software processes certain input data.

CVE-2023-6568: A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the han

mediumvulnerability
security
Dec 7, 2023
CVE-2023-6568EPSS: 33.4%

CVE-2023-43472: An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted requ

highvulnerability
security
Dec 5, 2023
CVE-2023-43472EPSS: 74.4%

Ekoparty Talk - Prompt Injections in the Wild

infonews
securityresearch

CVE-2023-48299: TorchServe is a tool for serving and scaling PyTorch models in production. Starting in version 0.1.0 and prior to versio

mediumvulnerability
security
Nov 21, 2023
CVE-2023-48299

TorchServe (a tool for running PyTorch machine learning models as web services) versions before 0.9.0 had a ZipSlip vulnerability (a flaw where an attacker can extract files outside the intended folder by crafting malicious archive files), allowing attackers to upload harmful code disguised in publicly available models that could execute on machines running TorchServe. The vulnerability affected the model and workflow management API, which handles uploaded files.

CVE-2023-46302: Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml htt

criticalvulnerability
security
Nov 20, 2023
CVE-2023-46302

Apache Submarine has a security vulnerability in how it handles YAML (a data format language) requests because it uses an unsafe library called snakeyaml. When users send YAML data to the application through its REST API (a system for receiving web requests), the unsafe handling could allow attackers to execute malicious code.

CVE-2023-6020: LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.

highvulnerability
security
Nov 16, 2023
CVE-2023-6020EPSS: 81.4%

CVE-2023-6020 is a local file inclusion (LFI, a vulnerability that lets attackers read files they shouldn't access) in Ray's /static/ directory that allows attackers to read any file on the server without needing to log in. The vulnerability stems from missing authorization checks (the system doesn't verify whether a user should have access before serving files).

CVE-2023-6014: An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.

criticalvulnerability
security
Nov 16, 2023
CVE-2023-6014

CVE-2023-6014 is a vulnerability in MLflow (a machine learning experiment tracking platform) that allows attackers to create user accounts without proper authentication (the process of verifying someone's identity). The vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 4.0, indicating moderate severity.

CVE-2023-6021: LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed

highvulnerability
security
Nov 16, 2023
CVE-2023-6021EPSS: 87.3%

CVE-2023-6018: An attacker can overwrite any file on the server hosting MLflow without any authentication.

criticalvulnerability
security
Nov 16, 2023
CVE-2023-6018EPSS: 91.3%

CVE-2023-6018 is a vulnerability in MLflow (an open-source machine learning platform) that allows an attacker to overwrite any file on the server without needing to log in or authenticate. The vulnerability is caused by OS command injection (a flaw where special characters in user input are not properly filtered before being executed as system commands), which gives attackers the ability to run unauthorized commands on the server.

CVE-2023-6015: MLflow allowed arbitrary files to be PUT onto the server.

highvulnerability
security
Nov 16, 2023
CVE-2023-6015

CVE-2023-6015 is a vulnerability in MLflow that allows attackers to upload arbitrary files to the server using PUT requests. This is a path traversal vulnerability (CWE-22, where an attacker can write files outside the intended directory by manipulating file paths), with a CVSS severity score of 4.0 (a moderate-level security issue on a 0-10 scale).

CVE-2023-5245: FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the a

highvulnerability
security
Nov 15, 2023
CVE-2023-5245

CVE-2023-5245 is a vulnerability in FileUtil.extract() where zip file extraction does not check if file paths are outside the intended directory, allowing attackers to create files anywhere and potentially execute code when TensorflowModel processes a saved model. This is called path traversal (a technique where an attacker uses file paths like '../../../' to escape a restricted folder).

Hacking Google Bard - From Prompt Injection to Data Exfiltration

mediumnews
securitysafety

CVE-2023-46315: The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-

highvulnerability
security
Oct 22, 2023
CVE-2023-46315

The Infinite Image Browsing extension for Stable Diffusion web UI (a tool for generating images with AI) has a security flaw that allows attackers to read any file on a computer if Gradio authentication is enabled without a secret key configuration. Attackers can exploit this by manipulating URLs with /file?path= to access sensitive files, such as environment variables that might contain login credentials.

CVE-2023-32786: In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrar

highvulnerability
security
Oct 20, 2023
CVE-2023-32786

CVE-2023-32786 is a prompt injection vulnerability (tricking an AI by hiding instructions in its input) in Langchain version 0.0.155 and earlier that allows attackers to force the service to retrieve data from any URL they choose. This could lead to SSRF (server-side request forgery, where an attacker makes a server request data from unintended locations) and potentially inject harmful content into tasks that use the retrieved data.

Google Cloud Vertex AI - Data Exfiltration Vulnerability Fixed in Generative AI Studio

mediumnews
security
Oct 19, 2023

Google Cloud's Vertex AI Generative AI Studio had a data exfiltration vulnerability caused by image markdown injection (a technique where attackers embed hidden commands in image references to steal data). The vulnerability was responsibly disclosed to Google and has been fixed.

CVE-2023-46229: LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an e

highvulnerability
security
Oct 19, 2023
CVE-2023-46229

LangChain versions before 0.0.317 have a vulnerability called SSRF (server-side request forgery, where an attacker tricks the application into making requests to unintended servers) in its recursive URL loader component. The flaw allows web crawling to move from an external server to an internal server that should not be accessible.

Previous285 / 329Next
Dec 12, 2023

A researcher demonstrated that malicious GPTs (custom ChatGPT agents) can secretly steal user data by embedding hidden images in conversations that send information to external servers, and can also trick users into sharing personal details like passwords. OpenAI's validation checks for publishing GPTs can be easily bypassed by slightly rewording malicious instructions, allowing harmful GPTs to be shared publicly, though the researcher reported these vulnerabilities to OpenAI in November 2023 without receiving a fix.

Embrace The Red
NVD/CVE Database

Fix: Update MLflow to version 2.9.2 or later. A patch is available at https://github.com/mlflow/mlflow/commit/432b8ccf27fd3a76df4ba79bb1bec62118a85625.

NVD/CVE Database

MLflow, an open-source machine learning platform, has a reflected XSS (cross-site scripting, where an attacker injects malicious JavaScript that runs in a victim's browser) vulnerability in how it handles the Content-Type header in POST requests. An attacker can craft a malicious Content-Type header that gets sent back to the user without proper filtering, allowing arbitrary JavaScript code to execute in the victim's browser.

NVD/CVE Database

CVE-2023-43472 is a vulnerability in MLFlow (an open-source platform for managing machine learning workflows) versions 2.8.1 and earlier that allows a remote attacker to obtain sensitive information by sending a specially crafted request to the REST API (the interface that programs use to communicate with MLFlow). The vulnerability has a CVSS severity score of 4.0 (a moderate risk level on a scale of 0-10).

NVD/CVE Database
Nov 28, 2023

A security researcher presented at Ekoparty 2023 about prompt injections (attacks where malicious instructions are hidden in inputs to trick an AI into misbehaving) found in real-world LLM applications and chatbots like ChatGPT, Bing Chat, and Google Bard, demonstrating various exploits and discussing mitigations. The talk covered both basic LLM concepts and deep dives into how these attacks work across different AI platforms.

Embrace The Red

Fix: Upgrade to TorchServe version 0.9.0 or later. The fix validates the file paths in zip archives before extracting them to prevent files from being placed in unintended filesystem locations.

NVD/CVE Database

Fix: Users should upgrade to Apache Submarine version 0.8.0, which fixes this issue by replacing snakeyaml with jackson-dataformat-yaml. If upgrading is not possible, users can cherry-pick (apply a specific code fix from) PR https://github.com/apache/submarine/pull/1054 and rebuild the submarine-server image.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

CVE-2023-6021 is a local file inclusion (LFI, a vulnerability where an attacker can read files from a server by manipulating file paths) in Ray's log API endpoint that allows attackers to read any file on the server without needing authentication. The vulnerability affects Ray versions before 2.8.1.

Fix: The issue is fixed in version 2.8.1+. Users should upgrade to Ray version 2.8.1 or later.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
Nov 3, 2023

Google Bard's new Extensions feature allows it to access personal data like YouTube videos, Google Drive files, Gmail, and Google Docs. Because Bard analyzes this untrusted data, it is vulnerable to indirect prompt injection (a technique where hidden instructions in documents trick an AI into performing unintended actions), which a researcher demonstrated by getting Bard to summarize videos and documents.

Embrace The Red

Fix: Update to commit 977815a or later. The patch is available at https://github.com/zanllp/sd-webui-infinite-image-browsing/pull/368/commits/977815a2b28ad953c10ef0114c365f698c4b8f19

NVD/CVE Database
NVD/CVE Database
Embrace The Red

Fix: Update LangChain to version 0.0.317 or later. Patches are available at https://github.com/langchain-ai/langchain/commit/9ecb7240a480720ec9d739b3877a52f76098a2b8 and https://github.com/langchain-ai/langchain/pull/11925.

NVD/CVE Database