48 Vulnerabilities Uncovered In AI Systems: Surge By 220%

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer


Since the initial disclosure of 15 vulnerabilities in November 2023, the number of vulnerabilities found in AI systems has grown by 220%, bringing the total to 48.

The world’s first AI/ML bug bounty program, Protect AI, analyzes the whole OSS AI/ML supply chain for significant vulnerabilities.

The researchers found that specific security weaknesses can be exploited in the supply-chain tools used to build the machine learning models that drive AI applications.

These open-source tools are downloaded thousands of times a month to develop enterprise artificial intelligence systems.

The analysis highlights Remote Code Execution (RCE) as a widespread class of vulnerability: it lets an attacker execute commands or programs on a victim’s computer or server without physical access.

The compromised system can then be fully taken over by the attacker, resulting in data breaches.

Significant Vulnerabilities In AI Systems

Remote Code Execution In PyTorch Serve

An attacker can use this vulnerability to run arbitrary code and compromise the server hosting PyTorch Serve.

With a CVSS base score of 9.8, this vulnerability is rated critical; no CVE has been assigned, at the maintainer’s request.

If PyTorch Serve is exposed to the network, a remote user can upload a model containing malicious code.

When the model is deployed, this code is run, which can result in remote code execution on the server.

Insecure Deserialization In BentoML

With a CVSS base score of 9.8, this vulnerability is rated critical and is tracked as CVE-2024-2912.

This vulnerability allows remote attackers to execute arbitrary code on the server.

An unsafe deserialization vulnerability exists in BentoML. By sending a specially crafted request, an attacker can run any code on the server hosting the BentoML application.

It is recommended that you upgrade to version 1.2.5.
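The PyTorch Serve and BentoML issues above share one root cause: the server reconstructs whatever objects an attacker-controlled payload describes. As an added example, not code from either project, here is that pattern in Python's standard pickle module, assuming the payload is a pickle (an assumption about BentoML's wire format) and that the inference service only needs plain data types: the default loader resolves any importable name the bytes mention, while a restricted unpickler allowlists the globals the service expects.

```python
"""Added example, not code from PyTorch Serve or BentoML: loading a serialized
request with the default pickle loader versus a restricted unpickler."""
import io
import json
import pickle

# Globals this (hypothetical) inference service is willing to reconstruct.
# Plain dicts, lists, strings and numbers need no globals at all under
# pickle protocol 4, so this allowlist can stay very short.
ALLOWED_GLOBALS = {("builtins", "set"), ("builtins", "frozenset")}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse any global (class or function) the allowlist does not name."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def load_with_default(data: bytes):
    """The vulnerable pattern: pickle.loads resolves any importable name."""
    return pickle.loads(data)


def load_restricted(data: bytes):
    """Hardened: same wire format, but an unknown global aborts the load."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def refuses(data: bytes) -> bool:
    """True if the restricted loader rejects this payload."""
    try:
        load_restricted(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed sample payloads. The second merely names an importable
# callable; the danger the article describes is that the default loader
# will resolve (and, for crafted payloads, invoke) such callables.
BENIGN_REQUEST = pickle.dumps({"model": "demo", "inputs": [1.0, 2.0, 3.0]})
GLOBAL_REF_REQUEST = pickle.dumps(json.loads)


def default_loader_resolves_global() -> bool:
    """True: the default loader hands back the live json.loads function."""
    return load_with_default(GLOBAL_REF_REQUEST) is json.loads
```

The allowlist approach only helps when the service genuinely needs pickle; where the format can be changed, a schema-validated encoding such as JSON removes the problem entirely.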

Regular Expression Denial Of Service (ReDoS) In FastAPI

With a High severity rating and a CVSS base score of 7.5, the bug is tracked as CVE-2024-24762. It can be used for a denial of service attack that makes the server unresponsive.

FastAPI is susceptible to a ReDoS attack when parsing Form data in certain scenarios. By consuming all available CPU, this vulnerability can be used to render the server unresponsive.

Server-Side Template Injection In BerriAI/Litellm

Attackers can use this vulnerability to make the server execute unauthorized commands.

In BerriAI’s litellm project, the hf_chat_template method passes user input to the Jinja template engine without properly sanitizing it. This can be used to run arbitrary commands on the server.

It is recommended to upgrade to version 0.109.1.

The Complete List Of Vulnerabilities In AI Systems

| CVE | Title | Severity | CVSS | Fixed | Recommendation |
|---|---|---|---|---|---|
| CVE-2024-3025 | Arbitrary file deletion / reading via path traversal in logo photo upload and download feature in anything-llm | Critical | 9.9 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-2083 | Directory Traversal in /api/v1/steps in zenml | Critical | 9.9 | Yes | Upgrade to version 0.55.5 |
| N/A per maintainer request | Remote Code Execution due to Full Controlled File Write in pytorch/serve | Critical | 9.8 | Yes | Read security documentation for secure deployment |
| CVE-2024-2912 | RCE By Sending A Single POST Request Via Insecure Deserialization in bentoml | Critical | 9.8 | Yes | Upgrade to version 1.2.5 |
| CVE-2024-3098 | Prompt Injection leading to Arbitrary Code Execution in llama_index | Critical | 9.8 | Yes | Upgrade to version 0.10.24 |
| CVE-2024-2221 | Remote Code Execution via Arbitrary File Overwrite Using Path Traversal in qdrant | Critical | 9.8 | Yes | Upgrade to version 1.8.0 |
| CVE-2024-1520 | OS Command Injection in lollms-webui | Critical | 9.8 | Yes | Upgrade to version 9.1 |
| CVE-2024-2029 | Command injection in audioToWav in mudler/localai in localai | Critical | 9.8 | Yes | Upgrade to version 2.10.0 |
| CVE-2024-3271 | safe_eval bypass lead to RCE (Command Injection) in llama_index | Critical | 9.8 | Yes | Upgrade to version 10.26 |
| CVE-2024-1600 | Local File Inclusion in lollms-webui | Critical | 9.3 | Yes | Upgrade to version 9.5 |
| CVE-2024-3573 | Local File Read (LFI) due to scheme confusion in mlflow | Critical | 9.3 | Yes | Upgrade to version 2.10.0 |
| CVE-2024-1643 | join any organization and read/modify all data in lunary | Critical | 9.1 | Yes | Upgrade to version 1.2.2 |
| CVE-2024-1740 | removed user from an org can read/create/modify/delete logs in lunary | Critical | 9.1 | Yes | Upgrade to version 1.2.7 |
| CVE-2024-1626 | idor bug to change any org project in lunary | Critical | 9.1 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-0404 | Mass assignment in account creation from invitation in anything-llm | Critical | 9.1 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-3029 | Deactivate Multi-User Mode and Delete All Users in anything-llm | Critical | 9.0 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-1522 | Remote Code Execution Via Cross-Site Request Forgery in lollms-webui | High | 8.8 | Yes | Upgrade to version 9.2 |
| CVE-2024-1540 | [gradio-app/gradio] Secrets exfiltration via the [deploy+test-visual.yml] workflow in gradio | High | 8.6 | Yes | Upgrade to commit d56bb28df80d8db1f33e4acf4f6b2c4f87cb8b28 |
| CVE-2024-1646 | Insufficient protection over sensitive endpoints in lollms-webui | High | 8.2 | Yes | Upgrade to version 9.3 |
| CVE-2024-25723 | Improper Access Control leads to Account Takeover/Privilege Escalation in zenml | High | 8.1 | Yes | Upgrade to version 0.56.2 |
| CVE-2024-0798 | privilege escalation bug to delete the uploaded document in anything-llm | High | 8.1 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-0549 | Path traversal leads to anythingllm.db deletion in anything-llm | High | 8.1 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-24762 | Content-Type Header ReDoS in fastapi | High | 7.5 | Yes | Upgrade to version 0.109.1 |
| CVE-2024-3569 | DOS attack in Just me mode in anything-llm | High | 7.5 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-1625 | idor bug to delete any org project in lunary | High | 7.5 | Yes | Upgrade to version 1.0.1 |
| CVE-2024-1728 | Local File Inclusion in gradio | High | 7.5 | Yes | Upgrade to version 4.19.2 |
| CVE-2024-2217 | Unauthorized access to config.json file in chuanhuchatgpt | High | 7.5 | Yes | Upgrade to version 20240310 |
| CVE-2024-1892 | Denial of Service when parsing downloaded XML content in XMLFeedSpider in scrapy | High | 7.5 | Yes | Upgrade to version 2.11 |
| CVE-2024-1739 | creating account with same email in lunary | High | 7.5 | Yes | Upgrade to version 1.0.2 |
| CVE-2024-1601 | SQL injection in delete_discussion() in lollms-webui | High | 7.5 | Yes | Upgrade to version 9.2 |
| CVE-2024-1561 | Local file read by calling arbitrary methods of Components class in gradio | High | 7.5 | Yes | Upgrade to version 4.13.0 |
| N/A per maintainer request | Bypass private/linklocal/loopback IP validation Method lead to SSRF in netaddr | High | 7.5 | Yes | Upgrade to version 0.10.0 |
| CVE-2024-3572 | Parsing XML content using insecure function in scrapy | High | 7.5 | Yes | Upgrade to version 2.11.1 |
| CVE-2024-3574 | Authorization header leaked to third party site and it allow to hijack victim account in scrapy | High | 7.5 | Yes | Upgrade to version 2.11.1 |
| CVE-2024-2206 | Insufficient SSRF protection allow gradio app to proxy arbitrary URLs in gradio | High | 7.3 | Yes | Upgrade to version 4.18 |
| CVE-2024-3283 | Mass assignment that leads to privilege escalation attack in anything-llm | High | 7.2 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-3028 | User can read and delete arbitrary files in anything-llm | High | 7.2 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-3101 | Users can escalate privileges by deactivating ‘Multi-User Mode’ in anything-llm | Medium | 6.7 | Yes | Upgrade to version 1.0.0 |
| CVE-2023-6568 | Reflected POST XSS in mlflow | Medium | 6.5 | Yes | Upgrade to version 2.9.0 |
| CVE-2024-3571 | Local File Inclusion (LFI) to Remote Code Execution in langchain | Medium | 6.5 | Yes | Upgrade to version 0.0.353 |
| CVE-2024-1183 | ssrf bug to scan internet network in gradio | Medium | 6.5 | Yes | Upgrade to version 4.11 |
| CVE-2024-1455 | Billion laughs vulnerability that leads to DOS in langchain | Medium | 5.9 | Yes | Upgrade to version 0.1.35 |
| CVE-2024-1729 | timing attack to guess the password in gradio | Medium | 5.9 | Yes | Upgrade to version 4.19.2 |
| CVE-2024-1599 | bypass payment and create more project than limit without paying extra money in lunary | Medium | 5.3 | Yes | Upgrade to version 1.0.0 |
| CVE-2024-1569 | Denial of Service in lollms-webui | Medium | 5.3 | Yes | Upgrade to version 9.2 |
| CVE-2024-1727 | CSRF allows attacker to upload many large files to victim in gradio | Medium | 4.3 | Yes | Upgrade to version 4.19.2 |
| CVE-2024-2260 | Session fixation lead to bypass authentication in zenml | Medium | 4.2 | Yes | Upgrade to version 0.56.2 |
| CVE-2024-3568 | Transformers has a Deserialization of Untrusted Data vulnerability in transformers | Low | 3.4 | Yes | Upgrade to version 4.38 |

This proactive approach to finding and resolving security issues in AI systems gives the community timely information about vulnerabilities and speeds up their remediation.
