Protect AI Releases 'Bug Bounty' Report On This Month's Vulnerabilities

The vulnerabilities involve tools used to build AI apps

Samara Lynn

Protect AI, which offers artificial intelligence and machine learning security, released its April vulnerability report Thursday.

The report was produced through Protect AI's AI/ML "bug bounty" program, huntr. According to the company, the program is made up of over 15,000 members who hunt for vulnerabilities across the "entire OSS AI/ML supply chain."

The vulnerabilities involve tools used to build ML models that fuel AI applications. The huntr community, along with Protect AI researchers, found these tools to be vulnerable to "unique security threats."  

Here is a list of the vulnerabilities huntr has discovered:  

Remote Code Execution in PyTorch Serve  

https://huntr.dev/bounties/f18ee3d1-8390-4de3-923a-5b453ba698a7 

"Impact: Allows attackers to execute arbitrary code on the server hosting PyTorch Serve. 

PyTorch Serve is vulnerable to an attack where a remote user could upload a model that contains malicious code if PyTorch Serve were exposed to the network. This code is executed when the model is deployed, leading to potential remote code execution on the server. Maintainers have updated the security documentation to help prevent users from being vulnerable." 

Server-Side Template Injection in BerriAI/litellm 

https://huntr.dev/bounties/a9e0a164-6de0-43a4-a640-0cbfb54220a4 

"Impact: Enables attackers to execute unauthorized commands on the server. 

The hf_chat_template method in BerriAI's litellm project processes user input through the Jinja template engine without proper sanitization. This can be exploited to execute arbitrary commands on the server." 

Insecure Deserialization in BentoML 

https://huntr.dev/bounties/349a1cce-6bb5-4345-82a5-bf7041b65a68 

"Impact: Allows remote attackers to execute arbitrary code on the server. 

BentoML is susceptible to an insecure deserialization vulnerability. By sending a specially crafted request, an attacker can execute arbitrary code on the server hosting the BentoML application." 
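The BentoML finding above is the general class of bug in which a request body is handed to a deserializer that can resolve and call arbitrary importable objects. The following Python is an added example, not code from the report, huntr or BentoML, and it assumes the serializer in question is Python's pickle (the report does not say): a restricted unpickler that refuses any global outside a small allowlist, so a payload naming any other class or function is rejected before it is imported.

```python
import datetime
import io
import pickle
from typing import Any

# Constructed allowlist of (module, name) pairs this service is willing to
# resolve while loading. Everything else is refused before it is imported.
# Extend it only with types the request format legitimately needs.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "bytearray"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve globals outside SAFE_GLOBALS.

    pickle resolves every GLOBAL / STACK_GLOBAL opcode by importing the named
    module and looking the attribute up, and may then call the result.
    Overriding find_class is the hook that intercepts that lookup.
    """

    def find_class(self, module: str, name: str) -> Any:
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name} from untrusted data"
        )


def loads_restricted(data: bytes) -> Any:
    """Deserialize data, rejecting any non-allowlisted global."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def accepts(data: bytes) -> bool:
    """True if the payload loads under the allowlist, False if it was refused."""
    try:
        loads_restricted(data)
        return True
    except pickle.UnpicklingError:
        return False


# Constructed sample payloads. The first is plain request data built only from
# literal containers; the second pickles a datetime.date, whose reduce step
# references the datetime.date class, so it is refused in exactly the way a
# payload naming any other callable would be.
PLAIN_REQUEST = pickle.dumps({"prompt": "hello", "max_tokens": 16, "tags": {"a", "b"}})
OBJECT_REQUEST = pickle.dumps(datetime.date(2024, 4, 1))

if __name__ == "__main__":
    print("plain data accepted:", accepts(PLAIN_REQUEST))      # True
    print("object payload accepted:", accepts(OBJECT_REQUEST))  # False
```

The allowlist is the whole control: a deserializer that resolves any importable name on behalf of the client is the defect, regardless of which name the client chooses.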

Regular Expression Denial of Service (ReDoS) in FastAPI 

https://huntr.dev/bounties/dd680268-d735-4f33-a358-d827694ab035 

"Impact: Can cause the server to become unresponsive, leading to a denial of service. 

FastAPI is vulnerable to a ReDoS attack under specific conditions when parsing Form data. This vulnerability can be exploited to make the server unresponsive by consuming all available CPU resources." 

Protect AI also released the full list of this month's vulnerabilities, with severity, CVSS score, fix status and its recommendations for fixing each one:

| CVE | Title | Severity | CVSS | Fixed | Recommendations |
|---|---|---|---|---|---|
| CVE-2024-3025 | Arbitrary file deletion / reading via path traversal in logo photo upload and download feature in anything-llm | Critical | 9.9 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-2083 | Directory Traversal in /api/v1/steps in zenml | Critical | 9.9 | Yes | Upgrade to version 0.55.5 |
| N/A per maintainer request | Remote Code Execution due to Full Controlled File Write in pytorch/serve | Critical | 9.8 | Yes | Read security documentation for secure deployment. |
| CVE-2024-2912 | RCE By Sending A Single POST Request Via Insecure Deserialization in bentoml | Critical | 9.8 | Yes | Upgrade to version 1.2.5 |
| CVE-2024-3098 | Prompt Injection leading to Arbitrary Code Execution in llama_index | Critical | 9.8 | Yes | Upgrade to version 0.10.24 |
| CVE-2024-2221 | Remote Code Execution via Arbitrary File Overwrite Using Path Traversal in qdrant | Critical | 9.8 | Yes | Upgrade to version 1.8.0 |
| CVE-2024-1520 | OS Command Injection in lollms-webui | Critical | 9.8 | Yes | Upgrade to version 9.1 |
| CVE-2024-2029 | Command injection in audioToWav in mudler/localai in localai | Critical | 9.8 | Yes | Upgrade to version 2.10.0 |
| CVE-2024-3271 | safe_eval bypass lead to RCE (Command Injection) in llama_index | Critical | 9.8 | Yes | Upgrade to version 10.26 |
| CVE-2024-1600 | Local File Inclusion in lollms-webui | Critical | 9.3 | Yes | Upgrade to version 9.5 |
| CVE-2024-3573 | Local File Read (LFI) due to scheme confusion in mlflow | Critical | 9.3 | Yes | Upgrade to version 2.10.0 |
| CVE-2024-1643 | join any organization and read/modify all data in lunary | Critical | 9.1 | Yes | Upgrade to version 1.2.2 |
| CVE-2024-1740 | removed user from a org can read/create/modify/delete logs in lunary | Critical | 9.1 | Yes | Upgrade to version 1.2.7 |
| CVE-2024-1626 | idor bug to change any org project in lunary | Critical | 9.1 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-0404 | Mass assignment in account creation from invitation in anything-llm | Critical | 9.1 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-3029 | Deactivate Multi-User Mode and Delete All Users in anything-llm | Critical | 9.0 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-1522 | Remote Code Execution Via Cross-Site Request Forgery in lollms-webui | High | 8.8 | Yes | Upgrade to version 9.2 |
| CVE-2024-1540 | [gradio-app/gradio] Secrets exfiltration via the [deploy+test-visual.yml] workflow in gradio | High | 8.6 | Yes | Upgrade to commit d56bb28df80d8db1f33e4acf4f6b2c4f87cb8b28 |
| CVE-2024-1646 | Insufficient protection over sensitive endpoints in lollms-webui | High | 8.2 | Yes | Upgrade to version 9.3 |
| CVE-2024-25723 | Improper Access Control leads to Account Takeover/Privilege Escalation in zenml | High | 8.1 | Yes | Upgrade to version 0.56.2 |
| CVE-2024-0798 | privilege escalation bug to delete the uploaded document in anything-llm | High | 8.1 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-0549 | Path traversal leads to anythingllm.db deletion in anything-llm | High | 8.1 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-24762 | Content-Type Header ReDoS in fastapi | High | 7.5 | Yes | Upgrade to version 0.109.1 |
| CVE-2024-3569 | DOS attack in Just me mode in anything-llm | High | 7.5 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-1625 | idor bug to delete any org project in lunary | High | 7.5 | Yes | Upgrade to version 1.0.1 |
| CVE-2024-1728 | Local File Inclusion in gradio | High | 7.5 | Yes | Upgrade to version 4.19.2 |
| CVE-2024-2217 | Unauthorized access to config.json file in chuanhuchatgpt | High | 7.5 | Yes | Upgrade to version 20240310 |
| CVE-2024-1892 | Denial of Service when parsing downloaded XML content in XMLFeedSpider in scrapy | High | 7.5 | Yes | Upgrade to version 2.11 |
| CVE-2024-1739 | creating account with same email in lunary | High | 7.5 | Yes | Upgrade to version 1.0.2 |
| CVE-2024-1601 | SQL injection in delete_discussion() in lollms-webui | High | 7.5 | Yes | Upgrade to version 9.2 |
| CVE-2024-1561 | Local file read by calling arbitrary methods of Components class in gradio | High | 7.5 | Yes | Upgrade to version 4.13.0 |
| N/A per maintainer request | Bypass private/linklocal/loopback IP validation Method lead to SSRF in netaddr | High | 7.5 | Yes | Upgrade to version 0.10.0 |
| CVE-2024-3572 | Parsing XML content using insecure function in scrapy | High | 7.5 | Yes | Upgrade to version 2.11.1 |
| CVE-2024-3574 | Authorization header leaked to third party site and it allow to hijack victim account in scrapy | High | 7.5 | Yes | Upgrade to version 2.11.1 |
| CVE-2024-2206 | Insufficient SSRF protection allow gradio app to proxy arbitrary URLs in gradio | High | 7.3 | Yes | Upgrade to version 4.18 |
| CVE-2024-3283 | Mass assignment that leads to privilege escalation attack in anything-llm | High | 7.2 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-3028 | User can read and delete arbitrary files in anything-llm | High | 7.2 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-3101 | Users can escalate privileges by deactivating 'Multi-User Mode' in anything-llm | Medium | 6.7 | Yes | Upgrade to version 1.0.0 |
| CVE-2023-6568 | Reflected POST XSS in mlflow | Medium | 6.5 | Yes | Upgrade to version 2.9.0 |
| CVE-2024-3571 | Local File Inclusion (LFI) to Remote Code Execution in langchain | Medium | 6.5 | Yes | Upgrade to version 0.0.353 |
| CVE-2024-1183 | ssrf bug to scan internet network in gradio | Medium | 6.5 | Yes | Upgrade to version 4.11 |
| CVE-2024-1455 | Billion laughs vulnerability that leads to DOS in langchain | Medium | 5.9 | Yes | Upgrade to version 0.1.35 |
| CVE-2024-1729 | timing attack to guess the password in gradio | Medium | 5.9 | Yes | Upgrade to version 4.19.2 |
| CVE-2024-1599 | bypass payment and create more project than limit without paying extra money in lunary | Medium | 5.3 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-1569 | Denial of Service in lollms-webui | Medium | 5.3 | Yes | Upgrade to version 9.2 |
| CVE-2024-1727 | CSRF allows attacker to upload many large files to victim in gradio | Medium | 4.3 | Yes | Upgrade to version 4.19.2 |
| CVE-2024-2260 | Session fixation lead to bypass authentication in zenml | Medium | 4.2 | Yes | Upgrade to version 0.56.2 |
| CVE-2024-3568 | Transformers has a Deserialization of Untrusted Data vulnerability in transformers | Low | 3.4 | Yes | Upgrade to version 4.38 |
