aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by Truong (Jack) Luu, Information Systems Researcher

AI & LLM Vulnerabilities

Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.

1466 items

CVE-2024-47084: Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to **CORS origin v

high vulnerability
security
Oct 10, 2024
CVE-2024-47084

Gradio, an open-source Python package for prototyping, has a vulnerability in CORS origin validation (the security check that verifies requests come from trusted websites). When a cookie is present, the server fails to validate the request's origin, allowing attackers to trick users into making unauthorized requests to their local Gradio server, potentially stealing files, authentication tokens, or user data.

Fix: Users should upgrade to gradio>4.44. Alternatively, as a workaround, users can manually modify the CustomCORSMiddleware class in their local Gradio server code to remove the condition that skips CORS validation for requests containing cookies.

NVD/CVE Database

CVE-2024-47833: Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine lear

medium vulnerability
security
Oct 9, 2024
CVE-2024-47833

Taipy, an open-source Python library for building data applications, has a security flaw where session cookies are served without the Secure and HTTPOnly flags (security markers that prevent browsers from sending cookies over unencrypted connections and protect cookies from being accessed by JavaScript code). This vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 6.3, indicating medium severity.

CVE-2024-43610: Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view s

high vulnerability
security
Oct 9, 2024
CVE-2024-43610

CVE-2024-43610 is a vulnerability in Microsoft Copilot Studio that allows an unauthenticated attacker to view sensitive information through a network attack. The vulnerability has a CVSS 4.0 severity rating (a 0-10 scale measuring how serious a security flaw is), meaning it poses a moderate risk to affected systems.

CVE-2024-9333: Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited am

medium vulnerability
security
Oct 2, 2024
CVE-2024-9333

CVE-2024-9333 is a permissions bypass vulnerability in M-Files Connector for Copilot (a tool that integrates M-Files document management with AI assistants) that allows authenticated users (people who have already logged in) to access documents they shouldn't be able to see due to incorrect access control list calculations. The vulnerability has a CVSS score of 5.3 (a 0-10 rating of how severe a vulnerability is), which is rated as medium severity.

CVE-2024-0116: NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing

medium vulnerability
security
Oct 1, 2024
CVE-2024-0116

CVE-2024-0116 is a vulnerability in NVIDIA Triton Inference Server that allows a user to trigger an out-of-bounds read (accessing memory outside the intended range) by releasing a shared memory region while another part of the program is still using it. A successful attack could cause a denial of service (making the service unavailable), though the severity rating has not yet been officially assigned.

CVE-2024-9277: A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unkno

low vulnerability
security
Sep 27, 2024
CVE-2024-9277

Langflow up to version 1.0.18 contains a vulnerability in its HTTP POST Request Handler that causes inefficient regular expression complexity (ReDoS, a type of denial-of-service attack where maliciously crafted input makes pattern-matching code run very slowly) when processing the 'remaining_text' argument. The vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 5.1 (medium severity) and has been publicly disclosed, though the vendor did not respond to early notification.

CVE-2024-7714: The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls

high vulnerability
security
Sep 27, 2024
CVE-2024-7714 (EPSS: 23.9%)

CVE-2024-7713: The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, al

high vulnerability
security
Sep 27, 2024
CVE-2024-7713

A WordPress plugin called 'AI ChatBot with ChatGPT and Content Generator by AYS' versions before 2.1.0 has a vulnerability where it exposes the OpenAI API key (a secret credential used to access OpenAI's services) in cleartext (unencrypted, readable form), allowing anyone without authentication (login access) to steal it. This vulnerability is tracked as CVE-2024-7713 and was reported on September 27, 2024.

CVE-2024-4099: An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to

low vulnerability
security
Sep 26, 2024
CVE-2024-4099

CVE-2024-4099 is a vulnerability in GitLab EE (a Git repository management tool) affecting versions 16.0-17.2.7, 17.3-17.3.3, and 17.4-17.4.0 where an AI feature left input unsanitized, potentially allowing attackers to perform prompt injection (tricking the AI by hiding instructions in its input). The vulnerability has a CVSS score (a 0-10 severity rating) of 4.0, indicating low to moderate severity.

CVE-2024-45989: Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Act

medium vulnerability
security
Sep 26, 2024
CVE-2024-45989

Monica AI Assistant desktop application v2.3.0 has a vulnerability where attackers can use prompt injection (tricking an AI by hiding instructions in its input) with a specially crafted image to steal sensitive chat data from the current session and send it to an attacker-controlled server. This flaw allows unauthorized people to access private information from users' conversations.

CVE-2024-6845: The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, a

medium vulnerability
security
Sep 25, 2024
CVE-2024-6845 (EPSS: 29.9%)

CVE-2024-40442: An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pi

high vulnerability
security
Sep 23, 2024
CVE-2024-40442

CVE-2024-40442 is a privilege escalation vulnerability (a security flaw where an attacker gains higher access levels than they should have) in Doccano v.1.8.4 and its Auto Labeling Pipeline module v.0.1.23. A remote attacker can exploit this weakness by sending a specially crafted REST request (a malicious command sent over the web); the root cause is improper code injection (inserting malicious code into the system).

CVE-2024-40441: An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pi

medium vulnerability
security
Sep 23, 2024
CVE-2024-40441

CVE-2024-40441 is a privilege escalation vulnerability (a bug that lets attackers gain higher-level access than they should have) in Doccano v.1.8.4, an open source tool for labeling data to train machine learning models, and its Auto Labeling Pipeline module v.0.1.23. A remote attacker can exploit this by manipulating the model_attribs parameter to escalate their privileges.

CVE-2024-46946: langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbit

critical vulnerability
security
Sep 19, 2024
CVE-2024-46946

LangChain Experimental versions 0.1.17 through 0.3.0 contain a vulnerability that allows attackers to execute arbitrary code (run malicious commands on a system) through a component called LLMSymbolicMathChain, which uses sympy.sympify (a function that evaluates mathematical expressions in an unsafe way). The root cause is improper input validation (failing to check that user input is safe before processing it).

CVE-2024-8939: A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vll

medium vulnerability
security
Sep 17, 2024
CVE-2024-8939

A vulnerability in the ilab model serve component allows attackers to cause a Denial of Service (DoS, where a service becomes unavailable to legitimate users) by sending a large value for the best_of parameter to the vllm JSON web API (a web interface for accessing an LLM). The API doesn't properly manage timeouts or resource limits, so an attacker can exhaust system resources and crash the service.

CVE-2024-8768: A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, res

high vulnerability
security
Sep 17, 2024
CVE-2024-8768

CVE-2024-8768 is a bug in vLLM (a library for running large language models) where sending an API request with an empty prompt crashes the server, causing a denial of service (making the service unavailable to users). The flaw is classified as a reachable assertion vulnerability, meaning the code hits an unexpected condition it wasn't designed to handle.

CVE-2024-5998: A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization

high vulnerability
security
Sep 17, 2024
CVE-2024-5998

A vulnerability in langchain's FAISS.deserialize_from_bytes function allows deserialization of untrusted data using pickle (a Python module that converts objects into a byte format that can be stored or transmitted, and rebuilds them on loading), which can lead to arbitrary command execution through the os.system function. This affects the latest version of the product and is classified as CWE-502 (deserialization of untrusted data).

CVE-2024-6587: A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows

high vulnerability
security
Sep 13, 2024
CVE-2024-6587 (EPSS: 88.4%)

CVE-2024-45848: An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the

high vulnerability
security
Sep 12, 2024
CVE-2024-45848

MindsDB versions 23.12.4.0 through 24.7.4.1 contain an arbitrary code execution vulnerability (the ability to run unwanted commands on a server) when the ChromaDB integration is installed. An attacker can craft a malicious 'INSERT' query containing Python code that gets executed on the server because the code is passed to an eval function (a function that runs text as if it were code).

CVE-2024-45846: An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the

high vulnerability
security
Sep 12, 2024
CVE-2024-45846

MindsDB versions 23.10.3.0 through 24.7.4.1 have a vulnerability that allows arbitrary code execution (running unauthorized commands on a server) when the Weaviate integration is installed. An attacker can exploit this by crafting a malicious SQL SELECT WHERE clause containing Python code, which gets executed through an eval function (a function that interprets and runs code as if it were written in the program).


Fix (CVE-2024-47833): Upgrade to Taipy release version 4.0.0 or later. According to the source, 'This issue has been addressed in release version 4.0.0 and all users are advised to upgrade.' There are no known workarounds available.


Fix (CVE-2024-9333): Update M-Files Connector for Copilot to version 24.9.3 or later.


CVE-2024-7714: A WordPress plugin called 'AI ChatBot with ChatGPT and Content Generator by AYS' (versions before 2.1.0) has a security flaw where it doesn't properly check who is allowed to perform certain actions. This means someone without a user account can disconnect the plugin from OpenAI (the AI service it relies on), effectively breaking the chatbot. The vulnerable actions include connecting, disconnecting, and saving feedback.

Fix (CVE-2024-7714): Update the plugin to version 2.1.0 or later.


CVE-2024-6845: The Chatbot with ChatGPT WordPress plugin before version 2.4.6 has a missing authorization flaw in one of its REST endpoints (a web interface for accessing the plugin's functions), which allows unauthenticated users (anyone without login credentials) to retrieve and decode an OpenAI API key (a secret credential that grants access to OpenAI's services). This vulnerability exposes the API key to attackers.

Fix (CVE-2024-6845): Update the Chatbot with ChatGPT WordPress plugin to version 2.4.6 or later.


Fix (CVE-2024-5998): A patch is available at https://github.com/langchain-ai/langchain/commit/604dfe2d99246b0c09f047c604f0c63eafba31e7


CVE-2024-6587 is a server-side request forgery vulnerability (SSRF, a flaw that tricks a server into making requests to unintended locations) in litellm version 1.38.10 that lets users control where the application sends requests by setting the `api_base` parameter, potentially allowing attackers to intercept sensitive OpenAI API keys. A malicious user could redirect requests to their own domain and steal the API key, gaining unauthorized access to the OpenAI service.

Fix (CVE-2024-6587): A patch is available at https://github.com/berriai/litellm/commit/ba1912afd1b19e38d3704bb156adf887f91ae1e0

Source for all entries above: NVD/CVE Database