Protect AI Releases 'Bug Bounty' Report On May Vulnerabilities

The vulnerabilities involve tools used to build AI apps

Samara Lynn

Protect AI, which offers artificial intelligence application security, has just released its May vulnerability report.

The report was created with Protect AI's AI/ML "bug bounty" program, huntr. According to the company, the program is made up of over 15,000 members who hunt for vulnerabilities across the "entire OSS AI/ML supply chain."

The vulnerabilities involve tools used to build the ML models that fuel AI applications. The huntr community, along with Protect AI researchers, found these tools to be vulnerable to "unique security threats."

Here is a list of the vulnerabilities huntr has discovered:

Remote Code Execution (RCE) in LoLLMs

"Impact: This vulnerability can lead to an attacker running arbitrary code on the server.

A vulnerability present in older versions of llama-cpp-python combined with the binding_zoo feature in the LoLLMs webserver can allow attackers to use a malicious 3rd party hosted model to execute code remotely."

Denial of Service (DOS) in mintplex-labs/anything-llm

"Impact: This vulnerability allows an attacker to shut down the server through the file upload endpoint.

The vulnerability is present in the file upload endpoint, where a specially crafted request can cause the server to shut down. This issue arises from the server's inability to properly handle certain types of upload requests, making it susceptible to a Denial of Service (DOS) attack."

Remote Code Execution (RCE) in mintplex-labs/anything-llm

"Impact: This vulnerability can allow attackers to remotely execute code on the server.

The vulnerability involves injecting malicious code into the LocalAiBasePath parameter which will write the code to a .env file. Through a string of other HTTP requests, this code can then be triggered leading to server takeover."
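The anything-llm finding above comes down to one pattern: a request parameter is copied verbatim into a .env file that the process later reads back as newline-delimited KEY=VALUE settings, so a value containing a line break becomes a second setting. The following is an added illustration, not anything-llm's code; only the setting name LocalAiBasePath is taken from the report, and the function names, the dotenv layout and the constructed input are assumptions. It shows the unvalidated writer beside a hardened one that rejects anything other than a plain http(s) URL before persisting it.

```python
"""Writing a user-supplied setting into a dotenv file: unsafe vs. validated.

Added example, not anything-llm's code. Only the setting name LocalAiBasePath
comes from the vulnerability report; function names and file layout are assumed.
"""
import re
from urllib.parse import urlsplit

# Constructed input: a plausible base URL followed by a line break and a
# benign extra setting, to show how a single value can become two entries.
CONSTRUCTED_INPUT = "http://localhost:8080/v1\nINJECTED_SETTING=1"

_KEY_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
# Conservative allowlist for URL characters: no whitespace, quotes,
# backslashes, `$` or backticks, which dotenv loaders or shells may interpret.
_URL_CHARS_RE = re.compile(r"^[A-Za-z0-9._~:/?#@!&()*+,;=%-]+$")


def write_env_unsafe(existing: str, key: str, value: str) -> str:
    """Vulnerable pattern: the value is interpolated as-is, so a newline inside
    it starts a fresh KEY=VALUE line that will be loaded as its own setting."""
    return existing + f"{key}={value}\n"


def validate_base_url(value: str) -> str:
    """Accept only an absolute http(s) URL built from plain URL characters.
    Raise ValueError otherwise, so the HTTP handler can answer 400 and never
    touch the config file."""
    if not _URL_CHARS_RE.match(value):
        raise ValueError("base URL contains characters that are not allowed")
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("expected an absolute http(s) URL")
    return value


def write_env_safe(existing: str, key: str, value: str) -> str:
    """Hardened pattern: validate the key and the value, then quote the value
    so that dotenv parsers treat it as exactly one token."""
    if not _KEY_RE.match(key):
        raise ValueError("invalid setting name")
    validated = validate_base_url(value)
    return existing + f'{key}="{validated}"\n'


def parse_env(text: str) -> dict:
    """Minimal dotenv reader: one KEY=VALUE per line, optional double quotes.
    Stands in for whatever loader the application uses at startup."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        settings[key.strip()] = value
    return settings


def demo() -> dict:
    """Return what each writer produces for the constructed input."""
    unsafe_file = write_env_unsafe("", "LocalAiBasePath", CONSTRUCTED_INPUT)
    try:
        write_env_safe("", "LocalAiBasePath", CONSTRUCTED_INPUT)
        rejected = False
    except ValueError:
        rejected = True
    return {"unsafe_settings": parse_env(unsafe_file), "safe_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

Running the file shows the unsafe writer producing two settings from one value while the validated writer refuses the input outright. The same check belongs on any setting that is echoed into a file or environment later read by a parser with its own syntax, not just on this one parameter.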

Protect AI also released recommendations to fix these vulnerabilities (and also offers Sightline, a security feed of all found issues): 

| CVE | Title | Severity | CVSS | Fixed | Recommendations |
|---|---|---|---|---|---|
| N/A | OS Command Injection in prune_by_memory_estimation in paddle | Critical | 9.8 | Yes | Upgrade to version bd70057f653261ac79ff1e7801192839ee92f61e |
| CVE-2024-4078 | Remote Code Execution caused by lack of sanitization in /unInstall_binding in lollms | Critical | 9.8 | Yes | Upgrade to version 7ebe08da7e0026b155af4f7be1d6417bc64cf02f |
| CVE-2024-4326 | Remote code executions using /apply_settings in lollms-webui | Critical | 9.8 | Yes | Upgrade to version 9.5 |
| CVE-2024-1511 | Numerous instances of Path Traversal in lollms-webui | Critical | 9.8 | Yes | Upgrade to version 9.5 |
| CVE-2024-3104 | Remote code execution using environment variables in anything-llm | Critical | 9.6 | Yes | Upgrade to version bfedfebfab032e6f4d5a369c8a2f947c5d0c5286 |
| CVE-2024-2624 | Path traversal in '/switch_personal_path' cause sensitive configs leakage && Arbitrary Upload & Overwrites in lollms-webui | Critical | 9.4 | Yes | Upgrade to version 9.4 |
| CVE-2024-3033 | Improper authorization check leads to deleting and erasing all data in VectorDB in anything-llm | Critical | 9.1 | Yes | Upgrade to version bf8df60c02b9ddc7ba682809ca12c5637606393a |
| CVE-2024-1879 | CSRF to RCE in autogpt | High | 8.8 | Yes | Upgrade to version 5.1 |
| CVE-2024-1881 | Shell command allowlist / denylist bypass in autogpt | High | 8.8 | Yes | Upgrade to version 5.1.0 |
| CVE-2024-4181 | Command injection due to use of eval in RunGptLLM in llama_index | High | 8.8 | Yes | Upgrade to version 0.10.13 |
| CVE-2024-3152 | Privilege escalation from default to role to admin and then LFI and more in anything-llm | High | 8.8 | Yes | Upgrade to version 200bd7f0615347ed2efc07903d510e5a208b0afc |
| CVE-2024-3126 | Command injection in 'run_xtts_api_server' when starting xtts services in lollms-webui | High | 8.4 | Yes | Upgrade to version 9.5 |
| CVE-2024-3435 | Path Traversal in 'save_settings' bypassing existing patches causing RCEs in lollms-webui | High | 8.4 | Yes | Upgrade to version 9.5 |
| CVE-2024-2288 | CSRF File Upload in lollms-webui | High | 8.3 | Yes | Upgrade to version 9.3 |
| CVE-2024-1880 | OS Command injection in MacOS Text-To-Speech class in autogpt | High | 7.8 | Yes | Upgrade to version 5.1.0 |
| CVE-2024-1666 | Create radar without paying money in lunary | High | 7.5 | Yes | Upgrade to version 1.2.7 |
| CVE-2024-1738 | Get the result of any org's evaluation in lunary | High | 7.5 | Yes | Upgrade to version 1.2.4 |
| CVE-2024-2928 | Local File Read (LFI) by URI fragment parsing confusion in mlflow | High | 7.5 | Yes | Upgrade to version 2.11.3 |
| CVE-2024-3848 | Local File Read/Path Traversal bypass in mlflow | High | 7.5 | Yes | Upgrade to version 2.12.1 |
| CVE-2024-2548 | Path traversal leads to read any file on the Windows platform system in lollms-webui | High | 7.5 | Yes | Upgrade to version 9.5 |
| CVE-2024-3110 | Stored XSS to admin account takeover in anything-llm | High | 7.3 | Yes | Upgrade to version 49f30e051c9f6e28977d57d0e5f49c1294094e41 |
| CVE-2024-3153 | Shutting down the server by sending invalid upload request in anything-llm | Medium | 6.5 | Yes | Upgrade to version b8d37d9f43af2facab4c51146a46229a58cb53d9 |
| CVE-2024-2035 | Improper authorization in API PUT /api/v1/users/id leads to deactivate default user in zenml | Medium | 6.5 | Yes | Upgrade to version 0.56.2 |
| CVE-2024-4263 | Low privilege users can delete artifacts with EDIT permission in mlflow | Medium | 5.4 | Yes | Upgrade to version 2.10.1 |
| CVE-2024-1665 | Create evaluation without paying money in lunary | Medium | 5.3 | Yes | Upgrade to version 1.2.7 |
| CVE-2024-3102 | JSON Injection in login in anything-llm | Medium | 5.3 | Yes | Upgrade to version 2374939ffb551ab2929d7f9d5827fe6597fa8caa |
| CVE-2024-2383 | Frameable response (potential Clickjacking) in zenml | Medium | 4.3 | Yes | Upgrade to version 0.56.3 |
| CVE-2024-28088 | RCE & API token leakage via URI traversal in langchain | Low | 3.9 | Yes | Upgrade to version 0.1.12 |
| CVE-2024-3166 | Cross site scripting using the fetch website feature in anything-llm | Low | 3.4 | Yes | Upgrade to version 1.4.2 |
| CVE-2024-2171 | Stored XSS in LogoURL in zenml | Low | 3.4 | Yes | Upgrade to version 0.56.2 |
| CVE-2024-2213 | Unverified Password Change in zenml | Low | 3.3 | Yes | Upgrade to version 0.56.3 |
| CVE-2024-2032 | Race condition - Create multiple user with the same username in zenml | Low | 3.1 | Yes | Upgrade to version 0.55.5 |
