Protect AI Releases 'Bug Bounty' Report On August Vulnerabilities

The vulnerabilities involve tools used to build the machine learning (ML) models that fuel artificial intelligence applications.

Protect AI, which offers artificial intelligence application security, just released its August vulnerability report.

The report was compiled from findings of Protect AI's AI/ML "bug bounty" program, huntr. According to the company, the huntr community is made up of over 15,000 members who hunt for vulnerabilities across the "entire OSS AI/ML supply chain."

The vulnerabilities involve tools used to build ML models that fuel AI applications. These tools are open source and are heavily downloaded to build enterprise AI solutions, Protect AI said in a news release.

This month, the huntr community, along with Protect AI researchers, discovered 20 vulnerabilities, some of which allow bad actors to perform complete system takeovers.

Here are highlights from the vulnerabilities huntr discovered in August:

Remote Code Execution (RCE) in Setuptools

Impact: This vulnerability allows attackers to execute arbitrary code on the system using specially crafted package URLs.

The vulnerability in Setuptools arises from the way it handles package URLs, allowing for code injection. If an attacker can control the URL input, they can inject and execute arbitrary commands on the system. This can be exploited through various vectors, including setup configuration files, command-line arguments, and custom applications relying on Setuptools.

Authorization Bypass in Lunary

Impact: Removed users can still access, modify, and delete organizational templates, leading to unauthorized data manipulation.

The vulnerability in Lunary allows users who have been removed from an organization to continue accessing and modifying templates using old authorization tokens. This occurs because the system does not invalidate tokens upon user removal, enabling unauthorized actions such as reading, creating, editing, and deleting templates.

Server-Side Request Forgery (SSRF) in Netaddr

Impact: This vulnerability can be exploited to bypass SSRF protections, potentially allowing access to internal networks.

The vulnerability in Netaddr involves the mishandling of IPv4-mapped IPv6 addresses. Functions like is_private, is_link_local, and is_loopback do not correctly identify these addresses, which can lead to SSRF attacks. Attackers can exploit this by using IPv4-mapped IPv6 addresses to bypass security checks and access internal resources.
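The defensive counterpart to the issue described above, as an added example that is not part of the report or of netaddr: an SSRF destination check that unwraps an IPv4-mapped IPv6 literal (::ffff:a.b.c.d) and classifies the embedded IPv4 address, so the private, link-local and loopback tests cannot be sidestepped by the IPv6 wrapper. It uses Python's standard ipaddress module rather than netaddr; the sample host list is constructed for the demonstration.

```python
import ipaddress

# Constructed sample inputs: host literals a server-side fetcher might be asked to reach.
SAMPLE_HOSTS = [
    "93.184.216.34",            # public IPv4
    "2606:4700:4700::1111",     # public IPv6
    "127.0.0.1",                # loopback
    "169.254.169.254",          # link-local, the cloud metadata address
    "::ffff:127.0.0.1",         # IPv4-mapped IPv6 loopback
    "::ffff:169.254.169.254",   # IPv4-mapped IPv6 link-local
    "[::ffff:192.168.1.1]",     # bracketed form as it appears in a URL host field
]


def unwrap_ipv4_mapped(addr):
    """Return the IPv4 address embedded in ::ffff:a.b.c.d; other addresses pass through."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def is_internal(host: str) -> bool:
    """True when the literal points at a non-routable destination.

    The classification runs on the unwrapped address, so an IPv4-mapped IPv6
    literal is judged by the IPv4 address it carries, not by the IPv6 wrapper.
    Raises ValueError for anything that is not an IP literal; hostnames must be
    resolved first and every resolved address re-checked with this function.
    """
    text = host.strip()
    if text.startswith("[") and text.endswith("]"):
        text = text[1:-1]
    addr = unwrap_ipv4_mapped(ipaddress.ip_address(text))
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_unspecified or addr.is_multicast or addr.is_reserved)


def blocked_hosts(hosts):
    """Return the subset of hosts an SSRF filter should refuse to fetch."""
    return [h for h in hosts if is_internal(h)]


if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h:28} {'BLOCK' if is_internal(h) else 'allow'}")
```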

Here is the full list of vulnerabilities:

CVE-2024-0455: SSRF bug to steal AWS metadata in anything-llm
CVE-2024-2952: Server-Side Template Injection in /completions endpoint in litellm
CVE-2024-3408: Authentication bypass and RCE in dtale
No CVE assigned: OS Command Injection in prune_by_memory_estimation in paddle
CVE-2024-0765: Default/manager user can get all system database information (username, password, api_key, etc.) in anything-llm
CVE-2024-3279: Anonymous access to import endpoint leads to anythingllm.db deletion/spoofing in anything-llm
CVE-2024-1741: Member can read/create/modify/delete templates even after being removed from organizations in lunary
CVE-2024-5980: Arbitrary File Write via /v1/runs API endpoint in pytorch-lightning
CVE-2024-6345: Remote code execution via download functions in the package_index module in setuptools
CVE-2024-0759: SSRF bug to access internal network in anything-llm
CVE-2024-1902: Reuse of old session to change organization name in lunary
No CVE assigned: Bypass of private/link-local/loopback IP validation methods leads to SSRF in netaddr
CVE-2024-6281: Path Traversal in Settings in lollms
CVE-2024-0436: Timing attack to guess the auth token in anything-llm
CVE-2024-3278: Privilege escalation from manager to admin in anything-llm
CVE-2024-3135: Cross-Site Request Forgery on all API calls leads to resource, credit and disk space exhaustion in localai
CVE-2024-3095: SSRF in LangChain Web Research Retriever in langchain
CVE-2024-2965: Denial-of-Service in LangChain SitemapLoader in langchain
No CVE assigned: Insecure Temporary File in setuptools
No CVE assigned: Unsafe usage of tempfile.mktemp in clearml code in clearml