Protect AI Releases 'Bug Bounty' Report On This Month's Vulnerabilities

The vulnerabilities involve tools used to build AI apps

Protect AI, which offers artificial intelligence and machine learning security, released its April vulnerability report Thursday.

The report was compiled from Protect AI's AI/ML "bug bounty" program, huntr. According to the company, the program is made up of over 15,000 members who hunt for vulnerabilities across the "entire OSS AI/ML supply chain."

The vulnerabilities involve tools used to build ML models that fuel AI applications. The huntr community, along with Protect AI researchers, found these tools to be vulnerable to "unique security threats."

Here are the vulnerabilities the report highlights, as described by huntr:

Remote Code Execution in PyTorch Serve

https://huntr.dev/bounties/f18ee3d1-8390-4de3-923a-5b453ba698a7

"Impact: Allows attackers to execute arbitrary code on the server hosting PyTorch Serve.

PyTorch Serve is vulnerable to an attack where a remote user could upload a model that contains malicious code if PyTorch Serve were exposed to the network. This code is executed when the model is deployed, leading to potential remote code execution on the server. Maintainers have updated the security documentation to help prevent users from being vulnerable."

Server-Side Template Injection in BerriAI/litellm

https://huntr.dev/bounties/a9e0a164-6de0-43a4-a640-0cbfb54220a4

"Impact: Enables attackers to execute unauthorized commands on the server.

The hf_chat_template method in BerriAI's litellm project processes user input through the Jinja template engine without proper sanitization. This can be exploited to execute arbitrary commands on the server."

Insecure Deserialization in BentoML

https://huntr.dev/bounties/349a1cce-6bb5-4345-82a5-bf7041b65a68

"Impact: Allows remote attackers to execute arbitrary code on the server.

BentoML is susceptible to an insecure deserialization vulnerability. By sending a specially crafted request, an attacker can execute arbitrary code on the server hosting the BentoML application."
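Insecure deserialization of this kind arises when a service unpickles request bodies with a stock Unpickler, which will reconstruct any importable object the payload names. The block below is an added example of the usual mitigation, an allow-listed Unpickler; it is not BentoML's fix, and the class name, allow-list and sample payloads are assumptions constructed for illustration.

```python
# Added example (not BentoML's code): allow-list unpickling for untrusted
# request payloads. Any global the payload references that is not on the
# allow-list is refused before it is imported or called.
import datetime
import io
import pickle

# Only these (module, qualname) pairs may be reconstructed from a payload.
# Assumption for the example: a service that only ever expects builtin
# containers in its request body.
ALLOWED_GLOBALS = {
    ("builtins", "list"),
    ("builtins", "dict"),
    ("builtins", "set"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global not on ALLOWED_GLOBALS."""

    def find_class(self, module: str, name: str):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def safe_loads(payload: bytes):
    """Deserialize an untrusted payload or raise pickle.UnpicklingError."""
    return RestrictedUnpickler(io.BytesIO(payload)).load()


def is_accepted(payload: bytes) -> bool:
    """True when the payload only references allow-listed globals."""
    try:
        safe_loads(payload)
    except pickle.UnpicklingError:
        return False
    return True


# Constructed samples: a request body made only of builtin containers, and
# one that references a class (datetime.date) outside the allow-list.
PLAIN_PAYLOAD = pickle.dumps({"inputs": [1, 2, 3], "tags": {"a", "b"}})
FOREIGN_PAYLOAD = pickle.dumps(datetime.date(2024, 4, 1))

if __name__ == "__main__":
    print(safe_loads(PLAIN_PAYLOAD))
    print("foreign payload accepted:", is_accepted(FOREIGN_PAYLOAD))
```

The allow-list is the whole point: the default `find_class` would happily resolve any module and attribute named in the payload, which is what makes a stock unpickler a code-execution sink.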

Regular Expression Denial of Service (ReDoS) in FastAPI

https://huntr.dev/bounties/dd680268-d735-4f33-a358-d827694ab035

"Impact: Can cause the server to become unresponsive, leading to a denial of service.

FastAPI is vulnerable to a ReDoS attack under specific conditions when parsing Form data. This vulnerability can be exploited to make the server unresponsive by consuming all available CPU resources."

Protect AI also released the full list of reported vulnerabilities with recommended fixes:

| CVE | Title | Severity | CVSS | Fixed | Recommendations |
|---|---|---|---|---|---|
| CVE-2024-3025 | Arbitrary file deletion / reading via path traversal in logo photo upload and download feature in anything-llm | Critical | 9.9 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-2083 | Directory Traversal in /api/v1/steps in zenml | Critical | 9.9 | Yes | Upgrade to version 0.55.5 |
| N/A per maintainer request | Remote Code Execution due to Full Controlled File Write in pytorch/serve | Critical | 9.8 | Yes | Read security documentation for secure deployment. |
| CVE-2024-2912 | RCE By Sending A Single POST Request Via Insecure Deserialization in bentoml | Critical | 9.8 | Yes | Upgrade to version 1.2.5 |
| CVE-2024-3098 | Prompt Injection leading to Arbitrary Code Execution in llama_index | Critical | 9.8 | Yes | Upgrade to version 0.10.24 |
| CVE-2024-2221 | Remote Code Execution via Arbitrary File Overwrite Using Path Traversal in qdrant | Critical | 9.8 | Yes | Upgrade to version 1.8.0 |
| CVE-2024-1520 | OS Command Injection in lollms-webui | Critical | 9.8 | Yes | Upgrade to version 9.1 |
| CVE-2024-2029 | Command injection in audioToWav in mudler/localai in localai | Critical | 9.8 | Yes | Upgrade to version 2.10.0 |
| CVE-2024-3271 | safe_eval bypass lead to RCE (Command Injection) in llama_index | Critical | 9.8 | Yes | Upgrade to version 10.26 |
| CVE-2024-1600 | Local File Inclusion in lollms-webui | Critical | 9.3 | Yes | Upgrade to version 9.5 |
| CVE-2024-3573 | Local File Read (LFI) due to scheme confusion in mlflow | Critical | 9.3 | Yes | Upgrade to version 2.10.0 |
| CVE-2024-1643 | join any organization and read/modify all data in lunary | Critical | 9.1 | Yes | Upgrade to version 1.2.2 |
| CVE-2024-1740 | removed user from a org can read/create/modify/delete logs in lunary | Critical | 9.1 | Yes | Upgrade to version 1.2.7 |
| CVE-2024-1626 | idor bug to change any org project in lunary | Critical | 9.1 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-0404 | Mass assignment in account creation from invitation in anything-llm | Critical | 9.1 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-3029 | Deactivate Multi-User Mode and Delete All Users in anything-llm | Critical | 9.0 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-1522 | Remote Code Execution Via Cross-Site Request Forgery in lollms-webui | High | 8.8 | Yes | Upgrade to version 9.2 |
| CVE-2024-1540 | [gradio-app/gradio] Secrets exfiltration via the [deploy+test-visual.yml] workflow in gradio | High | 8.6 | Yes | Upgrade to commit d56bb28df80d8db1f33e4acf4f6b2c4f87cb8b28 |
| CVE-2024-1646 | Insufficient protection over sensitive endpoints in lollms-webui | High | 8.2 | Yes | Upgrade to version 9.3 |
| CVE-2024-25723 | Improper Access Control leads to Account Takeover/Privilege Escalation in zenml | High | 8.1 | Yes | Upgrade to version 0.56.2 |
| CVE-2024-0798 | privilege escalation bug to delete the uploaded document in anything-llm | High | 8.1 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-0549 | Path traversal leads to anythingllm.db deletion in anything-llm | High | 8.1 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-24762 | Content-Type Header ReDoS in fastapi | High | 7.5 | Yes | Upgrade to version 0.109.1 |
| CVE-2024-3569 | DOS attack in Just me mode in anything-llm | High | 7.5 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-1625 | idor bug to delete any org project in lunary | High | 7.5 | Yes | Upgrade to version 1.0.1 |
| CVE-2024-1728 | Local File Inclusion in gradio | High | 7.5 | Yes | Upgrade to version 4.19.2 |
| CVE-2024-2217 | Unauthorized access to config.json file in chuanhuchatgpt | High | 7.5 | Yes | Upgrade to version 20240310 |
| CVE-2024-1892 | Denial of Service when parsing downloaded XML content in XMLFeedSpider in scrapy | High | 7.5 | Yes | Upgrade to version 2.11 |
| CVE-2024-1739 | creating account with same email in lunary | High | 7.5 | Yes | Upgrade to version 1.0.2 |
| CVE-2024-1601 | SQL injection in delete_discussion() in lollms-webui | High | 7.5 | Yes | Upgrade to version 9.2 |
| CVE-2024-1561 | Local file read by calling arbitrary methods of Components class in gradio | High | 7.5 | Yes | Upgrade to version 4.13.0 |
| N/A per maintainer request | Bypass private/linklocal/loopback IP validation Method lead to SSRF in netaddr | High | 7.5 | Yes | Upgrade to version 0.10.0 |
| CVE-2024-3572 | Parsing XML content using insecure function in scrapy | High | 7.5 | Yes | Upgrade to version 2.11.1 |
| CVE-2024-3574 | Authorization header leaked to third party site and it allow to hijack victim account in scrapy | High | 7.5 | Yes | Upgrade to version 2.11.1 |
| CVE-2024-2206 | Insufficient SSRF protection allow gradio app to proxy arbitrary URLs in gradio | High | 7.3 | Yes | Upgrade to version 4.18 |
| CVE-2024-3283 | Mass assignment that leads to privilege escalation attack in anything-llm | High | 7.2 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-3028 | User can read and delete arbitrary files in anything-llm | High | 7.2 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-3101 | Users can escalate privileges by deactivating 'Multi-User Mode' in anything-llm | Medium | 6.7 | Yes | Upgrade to version 1.0.0 |
| CVE-2023-6568 | Reflected POST XSS in mlflow | Medium | 6.5 | Yes | Upgrade to version 2.9.0 |
| CVE-2024-3571 | Local File Inclusion (LFI) to Remote Code Execution in langchain | Medium | 6.5 | Yes | Upgrade to version 0.0.353 |
| CVE-2024-1183 | ssrf bug to scan internet network in gradio | Medium | 6.5 | Yes | Upgrade to version 4.11 |
| CVE-2024-1455 | Billion laughs vulnerability that leads to DOS in langchain | Medium | 5.9 | Yes | Upgrade to version 0.1.35 |
| CVE-2024-1729 | timing attack to guess the password in gradio | Medium | 5.9 | Yes | Upgrade to version 4.19.2 |
| CVE-2024-1599 | bypass payment and create more project than limit without paying extra money in lunary | Medium | 5.3 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-1569 | Denial of Service in lollms-webui | Medium | 5.3 | Yes | Upgrade to version 9.2 |
| CVE-2024-1727 | CSRF allows attacker to upload many large files to victim in gradio | Medium | 4.3 | Yes | Upgrade to version 4.19.2 |
| CVE-2024-2260 | Session fixation lead to bypass authentication in zenml | Medium | 4.2 | Yes | Upgrade to version 0.56.2 |
| CVE-2024-3568 | Transformers has a Deserialization of Untrusted Data vulnerability in transformers | Low | 3.4 | Yes | Upgrade to version 4.38 |