Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.
CVE-2024-45855 is a vulnerability in MindsDB (a platform for building AI applications) versions 23.10.2.0 and newer where deserialization of untrusted data (converting data from an external format into code without checking if it's safe) can occur. An attacker can upload a malicious 'inhouse' model and use the 'finetune' feature to run arbitrary code (any commands they want) on the server.
CVE-2024-45854 is a vulnerability in MindsDB (a platform for building AI applications) versions 23.10.3.0 and newer where deserialization of untrusted data (converting data from an external format back into executable code without checking if it's safe) allows an attacker to upload a malicious model that runs arbitrary code (any commands the attacker wants) on the server when a describe query is executed on it.
CVE-2024-45853 is a vulnerability in MindsDB (a platform for building AI applications) versions 23.10.2.0 and newer where deserialization of untrusted data (the process of converting received data back into usable objects without checking if it's safe) allows an attacker to upload a malicious model that runs arbitrary code on the server when making predictions. This is a serious flaw because it gives attackers full control to execute whatever commands they want on the affected system.
CVE-2024-45852 is a vulnerability in MindsDB (a platform for building AI applications) versions 23.3.2.0 and newer that allows deserialization of untrusted data (converting untrusted incoming data back into executable code). An attacker can upload a malicious model that runs arbitrary code (any commands they choose) on the server when someone interacts with it.
A security flaw was found in the Chatbot with ChatGPT WordPress plugin (versions before 2.4.5) where certain REST routes (endpoints that external programs use to interact with the plugin) did not properly check user permissions, allowing anyone without logging in to delete error and chat logs.
A WordPress plugin called Chatbot Support AI (versions up to 1.0.2) has a security flaw where it fails to properly clean and filter certain settings, allowing admin users to inject malicious code through stored cross-site scripting (XSS, a type of attack where harmful scripts are saved and executed when users view a page). This vulnerability is particularly dangerous because it works even in multisite setups where HTML code is normally restricted.
CVE-2024-7110 is a vulnerability in GitLab EE (a code management platform) versions 17.0 through 17.3 that allows an attacker to execute arbitrary commands (run code of their choice) in a victim's pipeline through prompt injection (tricking the system by hiding malicious instructions in user input). This vulnerability affects multiple recent versions of the software.
Khoj, an application that creates personal AI agents, has a vulnerability in its Automation feature where users can insert arbitrary HTML and JavaScript code through the q parameter of the /api/automation endpoint due to improper input sanitization (a security flaw called stored XSS, where malicious code gets saved and runs when the page loads). This allows attackers to inject harmful code that affects other users viewing the page.
The Chatbot with ChatGPT WordPress plugin before version 2.4.5 has a SQL injection vulnerability (a type of attack where malicious code is inserted into database queries), which can be exploited by anyone without needing to log in when they submit messages to the chatbot. The plugin fails to properly sanitize and escape a parameter, meaning it doesn't clean or protect user input before using it in a SQL statement.
The Chatbot with ChatGPT WordPress plugin before version 2.4.5 has a vulnerability where it does not properly clean and escape user inputs, allowing attackers to perform Stored Cross-Site Scripting attacks (XSS, a type of attack where malicious code gets saved and runs when admins view it) without needing to be logged in.
Streamlit (a Python framework for building data applications) had a path traversal vulnerability (a flaw that lets attackers access files outside their intended directory) in its static file sharing feature on Windows. An attacker could exploit this to steal the password hash (an encrypted version of a password) of the Windows user running Streamlit.
CVE-2024-6706 is a vulnerability where attackers can write malicious prompts that trick a language model into running arbitrary JavaScript (code that executes in a web browser) on a webpage. This is a type of cross-site scripting (XSS) attack, where untrusted input is not properly cleaned before being displayed on a web page, allowing attackers to inject malicious code.
CVE-2024-38206 is a vulnerability in Microsoft Copilot Studio where an authenticated attacker (someone with valid login credentials) can bypass SSRF protection (security that prevents a server from being tricked into making unwanted network requests) to leak sensitive information over a network.
A vulnerability in the stitionai/devika AI project allows attackers to read sensitive files on a computer through prompt injection (tricking an AI by hiding malicious instructions in its input). The problem occurs because Google Gemini's safety filters were disabled, which normally prevent harmful outputs, leaving the system open to commands like reading `/etc/passwd` (a file containing user account information).
CVE-2024-38791 is a server-side request forgery (SSRF, a flaw where an attacker tricks a server into making unwanted requests to other systems) vulnerability in the Jordy Meow AI Engine: ChatGPT Chatbot plugin that affects versions up to 2.4.7. The vulnerability allows attackers to exploit this weakness to perform unauthorized actions by manipulating the plugin's server requests.
Haystack is a framework for building applications with LLMs (large language models) and AI tools, but versions before 2.3.1 have a critical vulnerability where attackers can execute arbitrary code if they can create and render Jinja2 templates (template engines that generate dynamic text). This affects Haystack clients that allow users to create and run Pipelines, which are workflows that process data through multiple steps.
A bug in TensorFlow (an open source platform for building machine learning models) causes a segfault (a crash where the program tries to access memory it shouldn't) when the `array_ops.upper_bound` function receives input that is not a rank 2 tensor (a two-dimensional array of numbers).
Langflow versions before 1.0.13 have a privilege escalation vulnerability (a security flaw where an attacker gains higher access rights than they should have) that lets a remote attacker with low privileges become a super admin by sending a specially crafted request to the '/api/v1/users' endpoint using mass assignment (a technique where an attacker modifies multiple fields at once by exploiting how the application handles user input).
CVE-2024-41120 is a vulnerability in streamlit-geospatial, a web application for geospatial data analysis, where user input to a URL field is not validated before being sent to a file-reading function. This allows attackers to make the server send requests to any destination they choose, a technique called SSRF (server-side request forgery, where an attacker tricks a server into making unwanted requests to other systems). The vulnerability affects code before a specific commit that patches the issue.
Fix: Update the Chatbot with ChatGPT WordPress plugin to version 2.4.5 or later.
NVD/CVE DatabaseOllama before version 0.1.47 has a vulnerability in its extractFromZipFile function where it can extract files from a ZIP archive outside of the intended parent directory, a weakness called path traversal (CWE-22, where an attacker manipulates file paths to access directories they shouldn't). This could allow an attacker to write files to unintended locations on a system when processing a specially crafted ZIP file.
Fix: Update Ollama to version 0.1.47 or later. The fix is available in the comparison between v0.1.46 and v0.1.47 (https://github.com/ollama/ollama/compare/v0.1.46...v0.1.47) and was implemented in pull request #5314 (https://github.com/ollama/ollama/pull/5314).
NVD/CVE DatabaseFix: This vulnerability is fixed in version 1.15.0.
NVD/CVE DatabaseFix: Update the Chatbot with ChatGPT WordPress plugin to version 2.4.5 or later.
NVD/CVE DatabaseFix: The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0.
NVD/CVE DatabaseFix: Patch available from Microsoft Corporation at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38206
NVD/CVE DatabaseFix: The vulnerability has been fixed in Haystack version 2.3.1. Users should upgrade to this version or later.
NVD/CVE DatabaseFix: The fix is included in TensorFlow 2.13 and has also been applied to TensorFlow 2.12 through a cherrypick commit (applying a specific code change to an older version).
NVD/CVE DatabaseFix: Upgrade Langflow to version 1.0.13 or later.
NVD/CVE DatabaseFix: Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. Users should update to the version containing this commit.
NVD/CVE Database