All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
The AI ChatBot WordPress plugin before version 4.4.9 has two security flaws in its code that handles OpenAI settings. First, it lacks authorization checks (meaning it doesn't verify who should be allowed to make changes), allowing even low-privilege users like subscribers to modify settings. Second, it's vulnerable to CSRF (cross-site request forgery, where an attacker tricks a logged-in user into making unwanted changes) and stored XSS (cross-site scripting, where malicious code gets saved and runs when others view the page).
Fix: Update the AI ChatBot WordPress plugin to version 4.4.9 or later.
NVD/CVE DatabaseTriton is a Minecraft plugin that translates server messages, but it has a vulnerability in its bungee mode (a feature for connecting multiple servers). When bungee mode is enabled, attackers can send a special packet through the 'triton:main' plugin channel to run any command on the server console, potentially making themselves administrators, stealing player information, or changing server settings.
CVE-2023-2356 is a relative path traversal vulnerability (a flaw that lets attackers access files outside their intended directory by manipulating file paths) found in MLflow versions before 2.3.1. This weakness could allow attackers to read or access files they shouldn't be able to reach on systems running the affected software.
IBM Watson Machine Learning on Cloud Pak for Data versions 4.0 and 4.5 has a vulnerability called SSRF (server-side request forgery, where an attacker tricks the system into making unauthorized network requests on their behalf). An authenticated attacker could exploit this to discover network details or launch other attacks.
MindsDB, a platform for building AI solutions, has a vulnerability in older versions where it unsafely extracts files from remote archives using `tarfile.extractall()` (a Python function that unpacks compressed files). An attacker could exploit this to overwrite any file that the server can access, similar to known attacks called TarSlip or ZipSlip (path traversal attacks, where files are extracted to unexpected locations).
CVE-2023-28312 is an information disclosure vulnerability in Azure Machine Learning, meaning unauthorized people could access sensitive data they shouldn't be able to see. The vulnerability involves improper access control (CWE-284, a weakness where the system doesn't properly check who is allowed to access what), and it was reported by Microsoft.
CVE-2023-29374 is a vulnerability in LangChain versions up to 0.0.131 where the LLMMathChain component is vulnerable to prompt injection attacks (tricking an AI by hiding instructions in its input), allowing attackers to execute arbitrary code through Python's exec method. This is a code execution vulnerability that could allow an attacker to run malicious commands on a system running the affected software.
MindsDB, an open source machine learning platform, has a vulnerability where it unsafely unpacks tar files (compressed archives) using a function that doesn't check if extracted files stay in the intended folder. An attacker could create a malicious tar file with a specially crafted filename (like `../../../../etc/passwd`) that tricks the system into writing files to sensitive system locations, potentially overwriting important system files on the server running MindsDB.
TensorFlow (an open-source machine learning framework) versions before 2.11.1 have a bug where a malicious invalid input can crash a model and trigger a denial of service attack (making a service unavailable by overwhelming it). The vulnerability exists in the Convolution3DTranspose function, which is commonly used in modern neural networks, and could be exploited if an attacker can send input to this function.
CVE-2023-28858 is a bug in redis-py (a Python library for connecting to Redis databases) versions before 4.5.3 where canceling an async command at the wrong moment leaves a connection open and can accidentally send response data from one request to a completely different client, due to an off-by-one error (miscounting by one position in the data stream).
TensorFlow, an open-source machine learning platform, has a bug where creating a tflite model (a lightweight version of a machine learning model for mobile devices) with a filter_input_channel parameter set to less than 1 causes an FPE (floating-point exception, a math error that crashes the program). This vulnerability stems from an incorrect comparison in the code.
TensorFlow, an open source machine learning platform, had a bug in two pooling functions (`nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2`) that required certain parameters to equal 1.0 because pooling on batch and channel dimensions (the different ways data is organized in the neural network) was not supported. This vulnerability was fixed in TensorFlow versions 2.12.0 and 2.11.1.
TensorFlow, an open source machine learning platform, has a bug in versions before 2.12.0 and 2.11.1 where the `tf.raw_ops.ParallelConcat` function crashes due to a null pointer dereference (trying to use a memory location that hasn't been set) when given a `shape` parameter with rank (dimensionality) of zero or less. This crash makes the program stop working unexpectedly.
TensorFlow, an open source machine learning platform, has a bug in versions before 2.12.0 and 2.11.1 where the `tf.raw_ops.Bincount` function crashes when given a `weights` parameter that doesn't match the shape of the `arr` parameter or isn't a length-0 tensor (a parameter with zero elements). This crash only happens when XLA (accelerated linear algebra, a compiler for machine learning) is enabled.
TensorFlow, an open source machine learning platform, has a null pointer error (a crash caused by the program trying to access memory that doesn't exist) in its RandomShuffle function when XLA (a compiler for machine learning) is enabled in versions before 2.12.0 and 2.11.1. This vulnerability has been assigned CVE-2023-25674.
TensorFlow (an open source machine learning platform) versions before 2.12.0 and 2.11.1 have a Floating Point Exception bug in TensorListSplit with XLA (a compiler that speeds up machine learning computations). This bug could cause the program to crash when certain operations are performed.
Fix: This issue has been fixed in version 3.8.4.
NVD/CVE DatabaseFix: Update MLflow to version 2.3.1 or later. A patch is available at https://github.com/mlflow/mlflow/commit/f73147496e05c09a8b83d95fb4f1bf86696c6342.
NVD/CVE DatabaseThis is a podcast episode about AI red teaming (simulated attacks to find weaknesses in AI systems) and threat modeling (planning for potential security risks) in machine learning systems. The episode explores how traditional security practices can be combined with machine learning security to better protect AI applications from attacks.
Fix: Upgrade to release 23.2.1.0 or later. The source explicitly states 'There are no known workarounds for this vulnerability,' so updating is the only mitigation mentioned.
NVD/CVE DatabaseLLM outputs are untrusted and can be manipulated through prompt injection (tricking an AI by hiding instructions in its input), which affects large language models in particular ways. This post addresses how to handle the risks of untrusted output when using AI systems in real applications.
Fix: A patch is available at https://github.com/hwchase17/langchain/pull/1119
NVD/CVE DatabaseFix: This issue has been addressed in version 22.11.4.3. Users are advised to upgrade. Users unable to upgrade should avoid ingesting archives from untrusted sources.
NVD/CVE DatabaseAI prompt injection is a vulnerability where attackers manipulate input given to AI systems, either directly (by controlling parts of the prompt themselves) or indirectly (by embedding malicious instructions in data the AI will later process, like web pages). These attacks can trick AI systems into ignoring their intended instructions and producing harmful, misleading, or inappropriate responses, similar to how SQL injection or cross-site scripting (XSS, a web attack that injects malicious code into websites) compromise other systems.
Fix: Upgrade to TensorFlow version 2.11.1 or later. The source states there are no known workarounds for this vulnerability.
NVD/CVE Database# Analysis ## Summary A user discovered that Bing Chat could be manipulated into describing illegal activities (like bank robbery) by using indirect language techniques, even though it refused to help when the user directly asked about hacking. This shows that the AI's safety filters, which are supposed to prevent harmful outputs, can be bypassed through clever wording rather than direct requests. ## Solution N/A -- no mitigation discussed in source.
Fix: Update redis-py to version 4.3.6, 4.4.3, or 4.5.3 or later. The patches are available in the official repository at https://github.com/redis/redis-py/ for each version.
NVD/CVE DatabaseFix: The issue has been patched in TensorFlow version 2.12. TensorFlow will also apply the fix to version 2.11.1. Users can reference the patch commit at https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa.
NVD/CVE DatabaseFix: Update to TensorFlow version 2.12.0 or 2.11.1, which include the fix for this vulnerability.
NVD/CVE DatabaseFix: Update TensorFlow to version 2.12.0 or 2.11.1 or later, which contain the fix for this vulnerability.
NVD/CVE DatabaseFix: Update to TensorFlow version 2.12.0 or 2.11.1, which include a fix for this issue.
NVD/CVE DatabaseFix: Update TensorFlow to version 2.12.0 or 2.11.1, which include the fix for this null pointer error.
NVD/CVE DatabaseFix: Update to TensorFlow version 2.12.0 or version 2.11.1, where the fix is included.
NVD/CVE Database