Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.
TensorFlow, an open source machine learning platform, had a vulnerability where mismatched parameters in the `DynamicStitch` function could cause a stack out-of-bounds (OOB) read, where the program reads memory beyond the buffer it meant to access. This flaw affected versions before 2.12.0 and 2.11.1.
Fix: Update TensorFlow to version 2.12.0 or version 2.11.1, which include the fix for this vulnerability.
NVD/CVE Database
TensorFlow, an open source platform for machine learning, had an out-of-bounds read vulnerability (a bug where code reads memory outside the buffer it was meant to access) in the `GRUBlockCellGrad` kernel before versions 2.12.0 and 2.11.1. This could allow an attacker to read sensitive data from process memory or crash the process.
Fix: Update TensorFlow to version 2.12.0 or version 2.11.1, which include the fix for this vulnerability.
NVD/CVE Database
CVE-2023-1177 is a path traversal vulnerability (a flaw where an attacker reaches files outside the intended directory by using sequences such as `..`) in MLflow versions before 2.2.1. It allows attackers to read or access files on the server that they should not be able to reach.
Fix: Update MLflow to version 2.2.1 or later. A patch is available at https://github.com/mlflow/mlflow/pull/7891/commits/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e
NVD/CVE Database
CVE-2023-1176 is an absolute path traversal vulnerability (a bug where an attacker supplies a path that starts from the filesystem root, so the application opens a file anywhere on the system instead of one under its own directory) in MLflow, an open-source platform for managing machine learning experiments, affecting versions before 2.2.2. The vulnerability was discovered and reported through the huntr.dev bug bounty program.
Fix: Fixed in version 2.2.2. A patch is available at https://github.com/mlflow/mlflow/commit/63ef72aa4334a6473ce7f889573c92fcae0b3c0d.
NVD/CVE Database
Streamlit, software that converts data scripts into web applications, had a reflected cross-site scripting vulnerability (XSS, where attacker-supplied script is injected into a page and runs in a user's browser) in versions 0.63.0 through 0.80.0. An attacker could craft a URL containing JavaScript, trick a user into opening it, and the Streamlit server would reflect that JavaScript into the page it served, so the victim's browser executed it in the context of the victim's session.
Fix: Update to version 0.81.0, which contains a patch for this vulnerability.
NVD/CVE Database
LiteDB, a lightweight database library for .NET, has a vulnerability in versions before 5.0.13 where it deserializes (converts stored data such as JSON back into live objects) untrusted data. A document carries a special `_type` field naming the class to instantiate; if an attacker controls that JSON, LiteDB may instantiate a class the application never intended to load, potentially leading to malicious code execution.
Fix: Update LiteDB to version 5.0.13 or later. The source notes this version includes basic fixes to prevent the issue, though it is not completely guaranteed when using the `Object` type. A future major version will add an allow-list to control which assemblies (code libraries) can be loaded. For immediate protection, consult the vendor advisory for additional workarounds.
NVD/CVE Database
Gradio is a Python library for building AI demo applications. Versions before 3.13.1 exposed a private SSH key (a credential that grants system access) when users enabled share links to let others reach their apps. Anyone connecting to a shared Gradio app could obtain that key and use it to reach other users' shared Gradio demos or attack them further, depending on what data or capabilities the app had access to.
Fix: Update to version 3.13.1 or later. Gradio recommends updating to version 3.19.1 or later, where the FRP (Fast Reverse Proxy) solution has been properly tested.
NVD/CVE Database
CVE-2022-26076 is a vulnerability in Intel's oneAPI Deep Neural Network library (oneDNN, a library of machine learning primitives) before version 2022.1 that involves an uncontrolled search path element (a weakness where a program loads files, such as shared libraries, from directories it should not trust, letting an attacker who can write there substitute a malicious file). An authenticated user with local access could exploit this to gain higher system privileges.
CVE-2023-23382 is an information disclosure vulnerability in Azure Machine Learning Compute Instance that allows unauthorized access to sensitive information. It is classified under CWE-257 (storing passwords in a recoverable format, meaning they can be converted back to their original form), which makes it easier for an attacker who reaches the stored data to recover credentials.
The WordPress plugin 'GPT AI Power' before version 1.4.38 has a flaw where logged-in users can modify any post, because the plugin performs neither a nonce check nor a privilege (capability) check (controls that confirm the request is intentional and that the user is allowed to perform the action). This means someone with only a basic account could change content they should not be able to touch.
Fix: Update the plugin to version 1.4.38 or later.
NVD/CVE Database
ONNX (the Open Neural Network Exchange model format and its reference library) versions before 1.13.0 contain a directory traversal vulnerability (a flaw where an attacker escapes the intended folder with a path such as `../../../etc/passwd`). A malicious model could set the `external_data` field of a tensor proto (the data structure that tells the loader which file holds a tensor's contents) to such a path, so that loading the model reads an arbitrary file from the system.
Fix: Update to ONNX version 1.13.0 or later.
NVD/CVE Database
TensorFlow, an open source platform for machine learning, has a bug in the `MakeGrapplerFunctionItem` function where providing inputs whose sizes are greater than or equal to the output sizes causes an out-of-bounds memory read (reading data from memory locations the program should not access) or a crash. The issue has been patched and is included in TensorFlow 2.11.0 as well as backported to earlier release lines.
Fix: The fix is available in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. Users should update to TensorFlow 2.11.0, or, if staying on an earlier release line, to 2.8.4, 2.9.3, or 2.10.1, where the patch has been backported.
NVD/CVE Database
TensorFlow, an open source machine learning platform, has a bug in its `MakeGrapplerFunctionItem` function (a second listing of the issue above) where input sizes greater than or equal to the output sizes cause an out-of-bounds memory read (accessing memory outside the intended range) or a crash. The vulnerability is reached whenever TensorFlow processes a function item whose input and output sizes are mismatched in this way.
Fix: The issue has been patched in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix is included in TensorFlow 2.11.0, and will also be included in TensorFlow 2.8.4, 2.9.3, and 2.10.1.
NVD/CVE Database
PyTorch versions before trunk/89695 have a vulnerability in the `torch.jit.annotations.parse_type_line` function that can allow arbitrary code execution (running attacker-controlled code on the system) because it passes text from type comments to `eval` without restriction. `eval` executes whatever Python expression it is given, so an attacker who controls that text controls what runs.
TensorFlow, an open source platform for machine learning, has a bug where converting character (`char`) data to boolean values can cause a crash, because the conversion is undefined behaviour unless the byte is exactly 0 or 1. The issue is triggered when printing tensors (multi-dimensional arrays of data used in machine learning).
Fix: The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0, and will also be applied to TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4.
NVD/CVE Database
TensorFlow (an open source machine learning platform) has a vulnerability where invalid input to a specific function causes a segfault (a crash from accessing memory the process is not allowed to touch). The bug occurs when `tf.raw_ops.CompositeTensorVariantToComponents` receives an `encoded` parameter that is not a valid `CompositeTensorVariant` tensor (a variant-typed tensor that packages the components of a composite tensor).
Fix: The issue has been patched in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11, and will also be backported to TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4.
NVD/CVE Database
TensorFlow, an open-source machine learning platform, has a vulnerability where passing a `token` input that is not valid UTF-8 (a character encoding standard) causes `tf.raw_ops.PyFunc` to abort with a CHECK fail (a hard assertion that terminates the process when an invariant is violated). This is an improper input validation weakness: the function does not verify that its input is well-formed before using it.
Fix: The issue has been patched in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix is included in TensorFlow 2.11, and will also be patched in TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4.
NVD/CVE Database
TensorFlow, an open source machine learning platform, has a vulnerability in `tf.raw_ops.ResizeNearestNeighborGrad` where a large `size` input causes an integer overflow (the computed value exceeds what its integer type can hold and wraps around). According to the advisory, this could let an attacker crash the process or potentially execute code.
Fix: The fix is included in TensorFlow 2.11 and has been backported to TensorFlow 2.10.1, 2.9.3, and 2.8.4. Users should update to one of these patched versions. The specific patch is available in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624.
NVD/CVE Database
TensorFlow, an open source machine learning platform, has a bug where invalid input to `SparseMatrixNNZ` (an op that counts the non-zero entries of a sparse matrix, a matrix stored compactly by keeping only its non-zero elements) causes the process to abort with a CHECK fail (an assertion failure, where execution stops because a required condition did not hold). This vulnerability affects multiple versions of TensorFlow.
Fix: The issue has been patched in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix is included in TensorFlow 2.11 and has been backported (adapted for older versions) to TensorFlow 2.10.1, 2.9.3, and 2.8.4.
NVD/CVE Database
TensorFlow (an open source machine learning platform) has a security vulnerability in its `FractionalMaxPool` and `FractionalAvgPool` ops when given invalid `pooling_ratio` values. An attacker who can supply such values can make the op read heap memory outside the buffers it should be confined to, leading to a crash or potentially remote code execution (running attacker-chosen code on the affected machine).
Fix: The vulnerability was patched in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0, and the patch will also be applied to TensorFlow 2.10.1.
NVD/CVE Database
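The LiteDB entry above describes a `_type` field in stored documents that selects which class the deserializer builds. LiteDB is a .NET library and its fix lives in C#; the following is an added example written for this page, not LiteDB's code, that recreates the same pattern in Python, since the rest of this page is Python tooling. `load_trusting` resolves `_type` to any importable class, the way a polymorphic deserializer behaves before an allow-list exists, and `load_allowlisted` applies the allow-list approach the fix entry describes. `Customer`, `Tripwire`, `EXECUTED`, and the JSON documents are all constructed for the example.

```python
import dataclasses
import importlib
import json
from dataclasses import dataclass

EXECUTED: list[str] = []   # records whether a gadget class actually ran (constructed tripwire)


@dataclass
class Customer:
    """The one document type the application legitimately stores (constructed)."""
    name: str
    email: str


class Tripwire:
    """Stand-in for a dangerous gadget class (think subprocess.Popen).

    Instantiating it is observable instead of harmful, which lets the example
    show that the trusting loader runs attacker-chosen constructors.
    """
    def __init__(self, cmd: str):
        EXECUTED.append(cmd)


def load_trusting(doc: str):
    """Pre-fix pattern: instantiate whatever class the document's `_type` names."""
    obj = json.loads(doc)
    module_name, _, cls_name = obj.pop("_type").rpartition(".")
    cls = getattr(importlib.import_module(module_name), cls_name)
    return cls(**obj)          # the attacker picks both the class and its arguments


# Allow-list keyed by fully qualified name: only these types may ever be built.
ALLOWED_TYPES = {f"{__name__}.Customer": Customer}


def load_allowlisted(doc: str):
    """Hardened pattern: `_type` may only select from ALLOWED_TYPES, and only
    that type's declared fields are accepted as constructor arguments."""
    obj = json.loads(doc)
    type_name = obj.pop("_type", None)
    cls = ALLOWED_TYPES.get(type_name)
    if cls is None:
        raise ValueError(f"refusing to instantiate {type_name!r}")
    declared = {f.name for f in dataclasses.fields(cls)}
    unexpected = set(obj) - declared
    if unexpected:
        raise ValueError(f"unexpected fields for {type_name}: {sorted(unexpected)}")
    return cls(**obj)


# Constructed documents: a legitimate record, one smuggling a gadget type, and
# one that names an allowed type but carries a field it does not declare.
GOOD_DOC = json.dumps({"_type": f"{__name__}.Customer", "name": "Ada", "email": "ada@example.com"})
HOSTILE_DOC = json.dumps({"_type": f"{__name__}.Tripwire", "cmd": "id"})
EXTRA_FIELD_DOC = json.dumps({"_type": f"{__name__}.Customer", "name": "Ada",
                              "email": "ada@example.com", "is_admin": True})

if __name__ == "__main__":
    print(load_allowlisted(GOOD_DOC))
    load_trusting(HOSTILE_DOC)
    print("trusting loader ran gadget with:", EXECUTED)
```

The allow-list is deliberately keyed by fully qualified class name rather than by bare class name, so a same-named class in another module cannot be swapped in; rejecting undeclared fields closes the second half of the problem, where even an allowed type can be driven with arguments the application never intended.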
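The two MLflow entries (CVE-2023-1177 relative traversal, CVE-2023-1176 absolute path traversal) and the ONNX `external_data` entry above are one bug class: a caller-supplied path is joined onto a trusted directory without proving the result stays inside it. The following added example, written for this page and not code from MLflow or ONNX, shows a single containment check that covers all three cases plus the symlink variant: it refuses absolute input, resolves `..` before comparing, and compares real paths so a symlink inside the root cannot point outside it. The tensor dicts with `name` and `location` keys stand in for ONNX's `TensorProto.external_data` entries and the directory layout built in `demo()` is constructed for the example.

```python
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a caller-supplied path would land outside the allowed root."""


def resolve_inside(root: str, user_path: str) -> Path:
    """Join user_path onto root and prove the result stays inside root.

    Closes the escape routes behind the entries above:
      * absolute input ("/etc/passwd"): Path(root) / "/etc/passwd" discards root
        entirely, the CVE-2023-1176 pattern, so it is refused before joining;
      * relative traversal ("../../etc/passwd"), the CVE-2023-1177 / ONNX pattern,
        caught because resolve() folds the ".." before the containment check;
      * a symlink inside root that points outside it, caught because both sides
        are compared after resolve().
    """
    if "\x00" in user_path:
        raise PathTraversalError("embedded NUL byte in path")
    if os.path.isabs(user_path):
        raise PathTraversalError(f"absolute path not allowed: {user_path!r}")
    root_real = Path(root).resolve()
    candidate = (root_real / user_path).resolve()
    try:
        candidate.relative_to(root_real)
    except ValueError:
        raise PathTraversalError(f"{user_path!r} escapes {root_real}") from None
    return candidate


def load_external_data(model_dir: str, tensors: list[dict]) -> dict[str, bytes]:
    """Read the external files a (constructed) model references.

    Each tensor dict carries 'name' and 'location' the way an ONNX
    TensorProto.external_data entry does; every location is validated before it
    is opened, so a model cannot pull in files from outside its own directory.
    """
    loaded = {}
    for t in tensors:
        path = resolve_inside(model_dir, t["location"])
        loaded[t["name"]] = path.read_bytes()
    return loaded


def demo() -> dict[str, object]:
    """Exercise the check against a throwaway model directory (constructed layout).

    Returns each probe path mapped to 'allowed' or 'rejected', plus the bytes the
    validated loader actually read under key 'loaded'.
    """
    root = tempfile.mkdtemp()
    (Path(root) / "weights").mkdir()
    (Path(root) / "weights" / "w0.bin").write_bytes(b"\x00\x01")
    # A symlink inside the model directory that points at the filesystem root.
    os.symlink(os.path.abspath(os.sep), Path(root) / "escape")

    probes = [
        "weights/w0.bin",               # legitimate
        "weights/../weights/w0.bin",    # ".." that still stays inside root
        "../../etc/passwd",             # relative traversal
        "/etc/passwd",                  # absolute path traversal
        "escape/etc/passwd",            # traversal through a symlink
    ]
    verdicts: dict[str, object] = {}
    for p in probes:
        try:
            resolve_inside(root, p)
            verdicts[p] = "allowed"
        except PathTraversalError:
            verdicts[p] = "rejected"
    verdicts["loaded"] = load_external_data(root, [{"name": "W0", "location": "weights/w0.bin"}])
    return verdicts


if __name__ == "__main__":
    for probe, verdict in demo().items():
        print(f"{probe!r}: {verdict}")
```

Note that a check based only on string prefixes (`candidate.startswith(root)`) would pass `/data/model_evil/..` style siblings and symlinks; comparing resolved paths with `relative_to` is what makes the containment claim hold.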
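The PyTorch entry above turns on `eval` being fed text taken from a `# type:` comment. The following added example is not PyTorch's code: `parse_type_line_unsafe` is a simplified reconstruction of the eval-based pattern, and `parse_type_line_safe` is one way to parse the same comments without executing anything, by walking the `ast` and admitting only the node kinds a type expression needs, then mapping names through an explicit allow-list. `Tensor`, `KNOWN_TYPES`, `TRIPWIRE`, and the three type-comment strings are stand-ins constructed for the example.

```python
import ast

TRIPWIRE: list[str] = []   # records whether attacker-supplied code actually ran (constructed)


class Tensor:
    """Stand-in for torch.Tensor so the example runs without PyTorch (constructed)."""


# Names a type comment may legitimately refer to (hypothetical allow-list).
KNOWN_TYPES = {"Tensor": Tensor, "int": int, "float": float, "bool": bool, "str": str,
               "List": list, "Tuple": tuple, "Dict": dict}

# Constructed type comments of the shape torch.jit reads. The hostile one carries
# an expression that eval() will execute; a real payload would reach __import__.
SAFE_LINE = "# type: (Tensor, int) -> Tensor"
GENERIC_LINE = "# type: (List[int], Dict[str, Tensor]) -> bool"
HOSTILE_LINE = "# type: (TRIPWIRE.append('pwned')) -> Tensor"


def split_type_line(line: str) -> tuple[str, str]:
    """'# type: (A, B) -> C'  ->  ('(A, B)', 'C')."""
    body = line.strip()
    if not body.startswith("# type:"):
        raise ValueError("not a type comment")
    args, arrow, ret = body[len("# type:"):].partition("->")
    if not arrow:
        raise ValueError("type comment has no '->'")
    return args.strip(), ret.strip()


def parse_type_line_unsafe(line: str):
    """Pre-fix pattern (simplified reconstruction): hand the text to eval()."""
    args, ret = split_type_line(line)
    namespace = dict(KNOWN_TYPES, TRIPWIRE=TRIPWIRE)   # builtins get added implicitly
    return eval(args, namespace), eval(ret, namespace)


# Syntax a type expression needs: names, tuples, subscripts, None. No calls,
# attributes, operators, lambdas or comprehensions. ast.Index only exists on
# older interpreters, hence the getattr.
_ALLOWED = tuple(n for n in (ast.Expression, ast.Tuple, ast.Name, ast.Subscript,
                             ast.Constant, ast.Load, getattr(ast, "Index", None)) if n)


def _to_type(node: ast.AST):
    """Map an already-vetted AST node onto the allow-listed Python types."""
    if isinstance(node, ast.Name):
        if node.id not in KNOWN_TYPES:
            raise ValueError(f"unknown type name {node.id!r}")
        return KNOWN_TYPES[node.id]
    if isinstance(node, ast.Tuple):
        return tuple(_to_type(e) for e in node.elts)
    if isinstance(node, ast.Subscript):              # List[int] -> (list, int)
        return (_to_type(node.value), _to_type(node.slice))
    if isinstance(node, ast.Constant) and node.value is None:
        return type(None)
    if hasattr(ast, "Index") and isinstance(node, ast.Index):   # Python 3.8 wraps slices
        return _to_type(node.value)
    raise ValueError(f"disallowed syntax in type comment: {type(node).__name__}")


def parse_type_line_safe(line: str):
    """Hardened pattern: parse with ast, reject any node outside the type grammar,
    then resolve names through KNOWN_TYPES. Nothing from the comment is executed."""
    args, ret = split_type_line(line)
    parsed = []
    for text in (args, ret):
        tree = ast.parse(text, mode="eval")
        for node in ast.walk(tree):
            if not isinstance(node, _ALLOWED):
                raise ValueError(f"disallowed syntax in type comment: {type(node).__name__}")
        parsed.append(_to_type(tree.body))
    return tuple(parsed)


if __name__ == "__main__":
    print(parse_type_line_safe(GENERIC_LINE))
    parse_type_line_unsafe(HOSTILE_LINE)
    print("eval-based parser ran attacker code:", TRIPWIRE)
```

Using `ast.literal_eval` is not a substitute here, since type expressions are names and subscripts rather than literals; the allow-list of node kinds plus the allow-list of names is what keeps the parser both useful and inert.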