Protect AI Releases 'Bug Bounty' Report On May Vulnerabilities

The vulnerabilities involve tools used to build AI apps

Protect AI, which offers artificial intelligence application security, just released its May vulnerability report.

The report was created with Protect AI's AI/ML "bug bounty" program, huntr. According to the company, the program is made up of over 15,000 members who hunt for vulnerabilities across the "entire OSS AI/ML supply chain."

The vulnerabilities involve tools used to build ML models that fuel AI applications. The huntr community, along with Protect AI researchers, found these tools to be vulnerable to "unique security threats."

Here is a list of the vulnerabilities huntr has discovered:

Remote Code Execution (RCE) in LoLLMs

"Impact: This vulnerability can lead to an attacker running arbitrary code on the server.

A vulnerability present in older versions of llama-cpp-python combined with the binding_zoo feature in the LoLLMs webserver can allow attackers to use a malicious 3rd party hosted model to execute code remotely."

Denial of Service (DoS) in mintplex-labs/anything-llm

"Impact: This vulnerability allows an attacker to shut down the server through the file upload endpoint.

The vulnerability is present in the file upload endpoint, where a specially crafted request can cause the server to shut down. This issue arises from the server's inability to properly handle certain types of upload requests, making it susceptible to a Denial of Service (DOS) attack."

Remote Code Execution (RCE) in mintplex-labs/anything-llm

"Impact: This vulnerability can allow attackers to remotely execute code on the server.

The vulnerability involves injecting malicious code into the LocalAiBasePath parameter which will write the code to a .env file. Through a string of other HTTP requests, this code can then be triggered leading to server takeover."
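The .env write described above is an instance of configuration-file injection: a request parameter is written into a key=value file that the server later loads as configuration, so a value containing a line break can introduce records the operator never wrote. The following JavaScript is an added example and not anything-llm's own code; it contrasts a naive writer with one that validates the value before it is written. The key name LOCAL_AI_BASE_PATH, the function names and the sample values are assumptions chosen for illustration.

```javascript
// Added example (not anything-llm's code): naive vs. hardened writer for a
// .env-style key=value record. The key name and helpers are assumptions.
const ENV_KEY = /^[A-Z_][A-Z0-9_]*$/;

function naiveEnvLine(key, value) {
  // Vulnerable pattern: whatever the client sent lands in the file verbatim,
  // so a newline inside the value starts a second key=value record.
  return `${key}=${value}\n`;
}

function validateBasePath(value) {
  // Reject control characters first. This must come before URL parsing:
  // the WHATWG URL parser silently strips tab/CR/LF from its input, so
  // `new URL(value)` alone would accept a value that smuggles a newline.
  if (/[\x00-\x1f\x7f]/.test(value)) throw new Error("control character in value");
  let url;
  try {
    url = new URL(value);
  } catch {
    throw new Error("not a URL");
  }
  // The field is supposed to hold an http(s) base URL; allow nothing else.
  if (url.protocol !== "http:" && url.protocol !== "https:") throw new Error("unsupported scheme");
  return url.toString();
}

function hardenedEnvLine(key, value) {
  if (!ENV_KEY.test(key)) throw new Error("bad key");
  const clean = validateBasePath(value);
  // Quote the value and escape quotes/backslashes so remaining characters are literal.
  return `${key}="${clean.replace(/["\\]/g, "\\$&")}"\n`;
}

// Parse a .env body back into records so we can count how many keys one write produced.
function parseEnv(text) {
  const out = {};
  for (const line of text.split("\n")) {
    const m = /^([A-Z_][A-Z0-9_]*)=(.*)$/.exec(line);
    if (m) out[m[1]] = m[2];
  }
  return out;
}

// Constructed sample values: a legitimate base URL and one carrying a second record.
const GOOD = "http://localhost:8080/v1";
const SMUGGLED = "http://localhost:8080/v1\nEXTRA_KEY=unexpected";

// Shows why URL parsing alone is not a sufficient check: the newline is dropped, not rejected.
function urlAloneIsNotEnough() {
  return new URL(SMUGGLED).pathname;
}

function demo() {
  const naive = parseEnv(naiveEnvLine("LOCAL_AI_BASE_PATH", SMUGGLED));
  let hardenedError = null;
  try {
    hardenedEnvLine("LOCAL_AI_BASE_PATH", SMUGGLED);
  } catch (e) {
    hardenedError = e.message;
  }
  return {
    naiveKeys: Object.keys(naive).length,        // 2: the smuggled record was written
    hardenedError,                               // "control character in value"
    goodLine: hardenedEnvLine("LOCAL_AI_BASE_PATH", GOOD),
  };
}

console.log(demo(), urlAloneIsNotEnough());
```

The order of the checks is the point: a URL parser normalises its input and will not complain about an embedded newline, so the control-character test has to run on the raw string before any parsing or quoting happens.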

Protect AI also released recommendations for fixing these vulnerabilities (the company additionally offers Sightline, a security feed of all issues found):

| CVE | Title | Severity | CVSS | Fixed | Recommendations |
|---|---|---|---|---|---|
| N/A | OS Command Injection in prune_by_memory_estimation in paddle | Critical | 9.8 | Yes | Upgrade to version bd70057f653261ac79ff1e7801192839ee92f61e |
| CVE-2024-4078 | Remote Code Execution caused by lack of sanitization in /unInstall_binding in lollms | Critical | 9.8 | Yes | Upgrade to version 7ebe08da7e0026b155af4f7be1d6417bc64cf02f |
| CVE-2024-4326 | Remote code executions using /apply_settings in lollms-webui | Critical | 9.8 | Yes | Upgrade to version 9.5 |
| CVE-2024-1511 | Numerous instances of Path Traversal in lollms-webui | Critical | 9.8 | Yes | Upgrade to version 9.5 |
| CVE-2024-3104 | Remote code execution using environment variables in anything-llm | Critical | 9.6 | Yes | Upgrade to version bfedfebfab032e6f4d5a369c8a2f947c5d0c5286 |
| CVE-2024-2624 | Path traversal in '/switch_personal_path' cause sensitive configs leakage && Arbitrary Upload & Overwrites in lollms-webui | Critical | 9.4 | Yes | Upgrade to version 9.4 |
| CVE-2024-3033 | Improper authorization check leads to deleting and erasing all data in VectorDB in anything-llm | Critical | 9.1 | Yes | Upgrade to version bf8df60c02b9ddc7ba682809ca12c5637606393a |
| CVE-2024-1879 | CSRF to RCE in autogpt | High | 8.8 | Yes | Upgrade to version 5.1 |
| (not captured) | … system in lollms-webui | | | | |
| CVE-2024-3110 | Stored XSS to admin account takeover in anything-llm | High | 7.3 | Yes | Upgrade to version 49f30e051c9f6e28977d57d0e5f49c1294094e41 |
| CVE-2024-3153 | Shutting down the server by sending invalid upload request in anything-llm | Medium | 6.5 | Yes | Upgrade to version b8d37d9f43af2facab4c51146a46229a58cb53d9 |
| CVE-2024-2035 | Improper authorization in API PUT /api/v1/users/id leads to deactivate default user in zenml | Medium | 6.5 | Yes | Upgrade to version 0.56.2 |
| CVE-2024-4263 | Low privilege users can delete artifacts with EDIT permission in mlflow | Medium | 5.4 | Yes | Upgrade to version 2.10.1 |
| CVE-2024-1665 | Create evaluation without paying money in lunary | Medium | 5.3 | Yes | Upgrade to version 1.2.7 |
| CVE-2024-3102 | JSON Injection in login in anything-llm | Medium | 5.3 | Yes | Upgrade to version 2374939ffb551ab2929d7f9d5827fe6597fa8caa |
| CVE-2024-2383 | Frameable response (potential Clickjacking) in zenml | Medium | 4.3 | Yes | Upgrade to version 0.56.3 |
| CVE-2024-28088 | RCE & API token leakage via URI traversal in langchain | Low | 3.9 | Yes | Upgrade to version 0.1.12 |
| CVE-2024-3166 | Cross site scripting using the fetch website feature in anything-llm | Low | 3.4 | Yes | Upgrade to version 1.4.2 |
| CVE-2024-2171 | Stored XSS in LogoURL in zenml | Low | 3.4 | Yes | Upgrade to version 0.56.2 |
| CVE-2024-2213 | Unverified Password Change in zenml | Low | 3.3 | Yes | Upgrade to version 0.56.3 |
| CVE-2024-2032 | Race condition - Create multiple user with the same username in zenml | Low | 3.1 | Yes | Upgrade to version 0.55.5 |