48 Vulnerabilities Uncovered In AI systems : Surge By 220%

Since the initial disclosure of 15 vulnerabilities in November 2023, a 220% increase in vulnerabilities impacting AI systems has been discovered, bringing the total to 48 vulnerabilities.

The world’s first AI/ML bug bounty program, Protect AI, analyzes the whole OSS AI/ML supply chain for significant vulnerabilities. 

The experts discovered that specific security risks may be exploited against the supply chain tools that are used to create the machine learning models that drive AI applications.

Thousands of times a month, these open-source tools are downloaded to develop enterprise artificial intelligence systems.

The analysis highlights Remote Code Execution (RCE) as a widespread vulnerability that enables an attacker to execute commands or programs on a victim’s computer or server without requiring physical access. 

The compromised system could be fully taken over by the attacker, resulting in data breaches.

Significant Vulnerabilities In AI Systems

Remote Code Execution In PyTorch Serve:

An attacker can use this vulnerability to run arbitrary code to compromise the server hosting PyTorch Serve.

With a CVSS base score of 9.8, this vulnerability is categorized as a critical severity, and CVE is unavailable as per the maintainer’s request.

If PyTorch Serve were exposed to the network, a remote user uploading a model containing malicious code might attack it.

When the model is deployed, this code is run, which could result in remote code execution on the server.

Insecure Deserialization In BentoML

With a CVSS base score of 9.8, this vulnerability is categorized as a critical severity and is tracked as CVE-2024-2912.

This vulnerability allows remote attackers to execute arbitrary code on the server. 

An unsafe deserialization vulnerability exists in BentoML. An attacker can run any code on the server hosting the BentoML application by sending a specially crafted request.

It is recommended that you upgrade to version 1.2.5.

Regular Expression Denial Of Service (ReDoS) In FastAPI

With a High severity level and a CVSS base score of 7.5, the bug is tracked as CVE-2024-24762.
A denial of service attack may result from this vulnerability, making the server unresponsive.

FastAPI is susceptible to a ReDoS attack when parsing Form data in certain scenarios. By fully using the CPU, this vulnerability can be used to render the server unresponsive.

Server-Side Template Injection In BerriAI/Litellm

Attackers may use this vulnerability to permit the server to execute illegal commands.

In BerriAI’s litellm project, the hf_chat_template method uses the Jinja template engine to process user input without properly sanitizing it. On the server, this can be used to run arbitrary commands.

It is recommended to upgrade to version 0.109.1

The Complete List Of Vulnerabilities In AI Systems

CVE-2024-3025Arbitrary file deletion / reading via path traversal in logo photo upload and download feature in anything-llmCritical9.9YesUpgrade to version 1.0.0
CVE-2024-2083Directory Traversal in /api/v1/steps in zenmlCritical9.9YesUpgrade to version 0.55.5
N/A per maintainer requestRemote Code Execution due to Full Controlled File Write in pytorch/serveCritical9.8YesRead security documentation for secure deployment.
CVE-2024-2912RCE By Sending A Single POST Request Via Insecure Deserialization in bentomlCritical9.8YesUpgrade to version 1.2.5
CVE-2024-3098Prompt Injection leading to Arbitrary Code Execution in llama_indexCritical9.8YesUpgrade to version 0.10.24
CVE-2024-2221Remote Code Execution via Arbitrary File Overwrite Using Path Traversal in qdrantCritical9.8YesUpgrade to version 1.8.0
CVE-2024-1520OS Command Injection in lollms-webuiCritical9.8YesUpgrade to version 9.1
CVE-2024-2029Command injection in audioToWav in mudler/localai in localaiCritical9.8YesUpgrade to version 2.10.0
CVE-2024-3271safe_eval bypass lead to RCE (Command Injection) in llama_indexCritical9.8YesUpgrade to version 10.26
CVE-2024-1600Local File Inclusion in lollms-webuiCritical9.3YesUpgrade to version 9.5
CVE-2024-3573Local File Read (LFI) due to scheme confusion in mlflowCritical9.3YesUpgrade to version 2.10.0
CVE-2024-1643join any organization and read/modify all data in lunaryCritical9.1YesUpgrade to version 1.2.2
CVE-2024-1740removed user from a org can read/create/modify/delete logs in lunaryCritical9.1YesUpgrade to version 1.2.7
CVE-2024-1626idor bug to change any org project in lunaryCritical9.1YesUpgrade to version 1.0.0
CVE-2024-0404Mass assignment in account creation from invitation in anything-llmCritical9.1YesUpgrade to version 1.0.0
CVE-2024-3029Deactivate Multi-User Mode and Delete All Users in anything-llmCritical9.0YesUpgrade to version 1.0.0
CVE-2024-1522Remote Code Execution Via Cross-Site Request Forgery in lollms-webuiHigh8.8YesUpgrade to version 9.2
CVE-2024-1540[gradio-app/gradio] Secrets exfiltration via the [deploy+test-visual.yml] workflow in gradioHigh8.6YesUpgrade to commit d56bb28df80d8db1f33e4acf4f6b2c4f87cb8b28
CVE-2024-1646Insufficient protection over sensitive endpoints in lollms-webuiHigh8.2YesUpgrade to version 9.3
CVE-2024-25723Improper Access Control leads to Account Takeover/Privilege Escalation in zenmlHigh8.1YesUpgrade to version 0.56.2
CVE-2024-0798privilege escalation bug to delete the uploaded document in anything-llmHigh8.1YesUpgrade to version 1.0.0
CVE-2024-0549Path traversal leads to anythingllm.db deletion in anything-llmHigh8.1YesUpgrade to version 1.0.0
CVE-2024-24762Content-Type Header ReDoS in fastapiHigh7.5YesUpgrade to version 0.109.1
CVE-2024-3569DOS attack in Just me mode in anything-llmHigh7.5YesUpgrade to version 1.0.0
CVE-2024-1625idor bug to delete any org project in lunaryHigh7.5YesUpgrade to version 1.0.1
CVE-2024-1728Local File Inclusion in gradioHigh7.5YesUpgrade to version 4.19.2
CVE-2024-2217Unauthorized access to config.json file in chuanhuchatgptHigh7.5YesUpgrade to version 20240310
CVE-2024-1892Denial of Service when parsing downloaded XML content in XMLFeedSpider in scrapyHigh7.5YesUpgrade to version 2.11
CVE-2024-1739creating account with same email in lunaryHigh7.5YesUpgrade to version 1.0.2
CVE-2024-1601SQL injection in delete_discussion()in lollms-webuiHigh7.5YesUpgrade to version 9.2
CVE-2024-1561Local file read by calling arbitrary methods of Components class in gradioHigh7.5YesUpgrade to version 4.13.0
N/A per maintainer requestBypass private/linklocal/loopback IP validation Method lead to SSRF in netaddrHigh7.5YesUpgrade to version 0.10.0
CVE-2024-3572Parsing XML content using insecure function in scrapyHigh7.5YesUpgrade to version 2.11.1
CVE-2024-3574Authorization header leaked to third party site and it allow to hijack victim account in scrapyHigh7.5YesUpgrade to version 2.11.1
CVE-2024-2206Insufficient SSRF protection allow gradio app to proxy arbitrary URLs in gradioHigh7.3YesUpgrade to version 4.18
CVE-2024-3283Mass assignment that leads to privilege escalation attack in anything-llmHigh7.2YesUpgrade to version 1.0.0
CVE-2024-3028User can read and delete arbitrary files in anything-llmHigh7.2YesUpgrade to version 1.0.0
CVE-2024-3101Users can escalate privileges by deactivating ‘Multi-User Mode’. in anything-llmMedium6.7YesUpgrade to version 1.0.0
CVE-2023-6568Reflected POST XSS in mlflowMedium6.5YesUpgrade to version 2.9.0
CVE-2024-3571Local File Inclusion (LFI) to Remote Code Execution in langchainMedium6.5YesUpgrade to version 0.0.353
CVE-2024-1183ssrf bug to scan internet network in gradioMedium6.5YesUpgrade to version 4.11
CVE-2024-1455Billion laughs vulnerability that leads to DOS in langchainMedium5.9YesUpgrade to version 0.1.35
CVE-2024-1729timing attack to guess the password in gradioMedium5.9YesUpgrade to version 4.19.2
CVE-2024-1599bypass payment and create more project than limit without paying extra money in lunaryMedium5.3YesUpgrade to version 1.0.0
CVE-2024-1569Denial of Service in lollms-webuiMedium5.3YesUpgrade to version 9.2
CVE-2024-1727CSRF allows attacker to upload many large files to victim in gradioMedium4.3YesUpgrade to version 4.19.2
CVE-2024-2260Session fixation lead to bypass authentication in zenmlMedium4.2YesUpgrade to version 0.56.2
CVE-2024-3568Transformers has a Deserialization of Untrusted Data vulnerability in transformersLow3.4YesUpgrade to version 4.38

Hence, this pro-active method of detecting and resolving security issues in AI systems gives everyone significant information about vulnerabilities and facilitates their prompt fix to these vulnerabilities.