Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.
Gradio (a framework for building web interfaces for machine learning models) before version 4.20 has a vulnerability on Windows where credentials can be unintentionally revealed. The issue stems from improper encoding or escaping of output (meaning the software doesn't properly clean or protect sensitive information before displaying it).
Fix: Update Gradio to version 4.20 or later.
NVD/CVE DatabaseA vulnerability in sagemaker-python-sdk (a library for machine learning on Amazon SageMaker) allows OS command injection (running unauthorized system commands) if unsafe input is passed to the capture_dependencies function's requirements_path parameter, potentially letting attackers execute code remotely or disrupt service. The vulnerability affects versions before 2.214.3.
A vulnerability in the sagemaker-python-sdk library (used for machine learning on Amazon SageMaker) allows unsafe deserialization, where the NumpyDeserializer module can execute malicious code if it processes untrusted pickled data (serialized Python objects stored in a binary format). An attacker could exploit this to run arbitrary commands on a system or crash it.
CVE-2023-5675 is a security flaw in Quarkus (a Java framework for building applications) where authorization checks are bypassed for REST API endpoints whose methods are defined in abstract classes or modified by extensions using annotation processors, if certain security settings are enabled. This means unauthorized users could potentially access protected API endpoints that should require authentication or specific permissions.
PyTorch versions before 2.2.0 contain an out-of-bounds read vulnerability (a bug where code tries to read data from memory outside its allowed range) in the flatbuffer_loader component, which is used for loading machine learning models on mobile devices. This vulnerability could potentially allow attackers to read sensitive information from memory or cause the program to crash.
PyTorch versions before v2.2.0 contain a use-after-free vulnerability (a memory bug where code tries to access data that has already been freed) in the mobile interpreter component. This vulnerability was identified in the torch/csrc/jit/mobile/interpreter.cpp file.
PyTorch versions before v2.2.0 contain a heap buffer overflow vulnerability (a type of memory safety bug where a program writes data beyond allocated memory limits) in its runtime component that allows attackers to crash the software through specially crafted input. This is a Denial of Service attack, meaning the goal is to make the software unusable rather than steal data.
CVE-2024-3660 is a code injection vulnerability (a flaw that lets attackers insert and run harmful code) in TensorFlow's Keras framework (a machine learning library) affecting versions before 2.13. Attackers can exploit this to execute arbitrary code (run commands they choose) with the same permissions as the application using a vulnerable model.
MLflow (a machine learning platform) has a vulnerability where its URI parsing function incorrectly classifies certain file paths as non-local, allowing attackers to read sensitive files they shouldn't access. By crafting malicious model versions with specially crafted parameters, attackers can bypass security checks and read arbitrary files from the system.
LangChain's LocalFileStore feature has a path traversal vulnerability (a security flaw where attackers can access files outside the intended directory by using special path sequences like '../'). An attacker can exploit this to read or write any files on the system, potentially stealing data or executing malicious code. The problem stems from the mset and mget methods not properly filtering user input before handling file paths.
BentoML (a framework for building AI applications) contains an insecure deserialization vulnerability that lets attackers run arbitrary commands on servers by sending specially crafted requests. When the framework deserializes (converts stored data back into usable objects) a malicious object, it automatically executes hidden OS commands, giving attackers control of the server.
CVE-2024-1594 is a path traversal vulnerability (a flaw that lets attackers access files outside their permitted directory) in MLflow's experiment creation feature. Attackers can exploit this by inserting a fragment component (#) into the artifact_location parameter to read arbitrary files on the server.
MLflow, a machine learning platform, has a path traversal vulnerability (a security flaw where attackers can access files outside intended directories) caused by improper handling of URL parameters. Attackers can use the semicolon (;) character to hide malicious path sequences in URLs, potentially gaining unauthorized access to sensitive files or compromising the server.
A path traversal vulnerability (a security flaw where attackers use special characters like ../ to access files outside their intended directory) exists in MLflow's artifact deletion feature. Attackers can delete arbitrary files on a server by exploiting an extra decoding step that fails to properly validate user input, and this vulnerability affects versions up to 2.9.2.
CVE-2024-1558 is a path traversal vulnerability (a security flaw where an attacker uses special characters like "../" to access files outside their intended directory) in MLflow's model version creation function. An attacker can craft a malicious `source` parameter that bypasses the validation check, allowing them to read any file on the server when fetching model artifacts.
Stable-diffusion-webui version 1.7.0 has a vulnerability where user input from the Backup/Restore tab is not properly validated before being used to create file paths, allowing attackers to write JSON files to arbitrary locations on Windows systems where the web server has access. This is a limited file write vulnerability (a security flaw that lets attackers create or modify files in unintended locations) that could let an attacker place malicious files on the server.
CVE-2023-51409 is a vulnerability in the Jordy Meow AI Engine: ChatGPT Chatbot plugin (versions up to 1.9.98) that allows unrestricted upload of dangerous file types, meaning attackers can upload files that shouldn't be allowed without proper validation. This vulnerability could potentially lead to remote code execution (running malicious commands on the affected system).
Fix: Upgrade to version 2.214.3 or later. Alternatively, users unable to upgrade should not override the "requirements_path" parameter of the capture_dependencies function and instead use the default value.
NVD/CVE DatabaseFix: Upgrade to sagemaker-python-sdk version 2.218.0 or later. If unable to upgrade, do not process pickled numpy object arrays from untrusted sources or data that could have been modified by others. Only use pickled numpy object arrays from sources you trust.
NVD/CVE DatabaseFix: Upgrade to PyTorch version 2.2.0 or later. A patch is available at https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6.
NVD/CVE DatabaseFix: Update PyTorch to version v2.2.0 or later. A patch is available at https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2.
NVD/CVE DatabaseFix: Upgrade to PyTorch v2.2.0 or later. A patch is available at https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81.
NVD/CVE DatabaseGradio, a popular Python library for building AI interfaces, has a vulnerability in its `/component_server` endpoint that lets attackers call any method on a Component class with their own arguments. By exploiting a specific method called `move_resource_to_block_cache()`, attackers can copy files from the server's filesystem to a temporary folder and download them, potentially exposing sensitive data like API keys, especially when apps are shared online or hosted on platforms like Hugging Face.
CVE-2024-1483 is a path traversal vulnerability (a weakness that lets attackers access files outside intended directories) in MLflow version 2.9.2 that allows attackers to read arbitrary files on a server. The vulnerability occurs because the server doesn't properly validate user input in the 'artifact_location' and 'source' parameters, and attackers can exploit this by sending specially crafted HTTP POST requests that use '#' instead of '?' in local URIs to navigate the server's directory structure.
CVE-2024-1183 is an SSRF vulnerability (a flaw where an attacker tricks a server into making requests to internal networks) in the Gradio application that lets attackers scan and identify open ports on internal networks by manipulating the 'file' parameter in requests and reading responses for specific headers or error messages.
Fix: A patch is available at https://github.com/gradio-app/gradio/commit/2ad3d9e7ec6c8eeea59774265b44f11df7394bb4
NVD/CVE Database