Protect AI | Threat Research

Protect AI's October 2024 Vulnerability Report

Written by Dan McInerney & Marcello Salvati | Oct 29, 2024 12:45:00 PM

Executive Summary

At Protect AI we are taking a proactive approach to identifying and addressing security risks in AI systems, to provide the world with critical intelligence on vulnerabilities and how to fix them. 

Protect AI’s huntr is the world's first AI/ML bug bounty program. Our community of 15,000+ members hunt for impactful vulnerabilities across the entire OSS AI/ML supply chain. Through our own research and the huntr community, we’ve found the tools used in the supply chain to build the machine learning models that power AI applications to be vulnerable to unique security threats. These tools are Open Source and downloaded thousands of times a month to build enterprise AI Systems. They also likely come out of the box with vulnerabilities that can lead directly to complete system takeovers such as unauthenticated remote code execution or local file inclusion. This report contains 34 vulnerabilities You can find all the details of this month's vulnerabilities in the table below, or you can head over to protectai.com/sightline, to search the comprehensive database of all huntr findings, and download tools to detect, assess and remediate them within your organization's AI Supply chain. 

It is important to note that all vulnerabilities were reported to the maintainers a minimum of 45 days prior to publishing this report, and we continue to work with maintainers to ensure a timely fix prior to publication. The table also includes our recommendations for actions to take immediately, if you have these projects in production. If you need help mitigating these vulnerabilities in the meantime, please reach out, we’re here to help. community@protectai.com.

Top Vulnerabilities

Timing Attack in LocalAI

https://sightline.protectai.com/vulnerabilities/3fbcf95a-4a19-45ec-9463-c7858274047b

Impact: An attacker can potentially determine valid API keys by analyzing the response time of the server.

The vulnerability allows an attacker to perform a timing attack, which is a type of side-channel attack. By measuring the time taken to process requests with different API keys, the attacker can infer the correct API key one character at a time.

Insecure Direct Object Reference (IDOR) in Lunary

https://sightline.protectai.com/vulnerabilities/a8580293-cbec-4e97-8b6f-aec2c557f8ea

Impact: Unauthorized users can view or delete internal user data by manipulating user-controlled ID values.

The vulnerability arises because the application does not properly validate user-controlled ID values. This allows an attacker to access or delete data of other users by simply changing the ID in the request.

Insecure Direct Object Reference (IDOR) in Lunary

https://sightline.protectai.com/vulnerabilities/88d7a4f7-fb4f-40ff-8c32-276befb2dd78

Impact: Unauthorized users can update other users' prompts by manipulating user-controlled ID values.

The vulnerability is due to the application using a user-controlled ID parameter without proper validation. This allows an attacker to update prompts belonging to other users by changing the ID in the request.

Table

CVE

Title

Severity

CVSS

Fixed

Recommendations

CVE-2024-7475

Improper Access Control on SAML Configuration in lunary

Critical

9.1

Yes

Upgrade to version 1.3.4

CVE-2024-5982

Path Traversal Causes Arbitrary Upload (RCE), Arbitrary Directory Creation, and File Content Leakage (First Column of CSVs) in chuanhuchatgpt

Critical

9.1

Yes

Upgrade to version 20240918

CVE-2024-7474

IDOR allow view/delete external_user in lunary

Critical

9.1

Yes

Upgrade to version 1.3.4

CVE-2024-6983

Remote Code Execution in localai

High

8.8

Yes

Upgrade to version 2.19.4

CVE-2024-6255

Arbitrary File Deletion via Directory Traversal in JSON File Handling in chuanhuchatgpt

High

8.2

Yes

Upgrade to version 20240918

CVE-2024-6674

Data leak through CORS misconfiguration in lollms-webui

High

8.1

Yes

Upgrade to version 10

CVE-2024-6868

arbitrary file write by abusing automatic archive extraction in localai

High

8.1

Yes

Upgrade to version 2.18.1

CVE-2024-8396

Arbitrary File Overwrite & RCE via Tarfile Path Traversal in djl

High

7.8

Yes

Upgrade to version 0.28.0

CVE-2024-6090

Deleting Other User's Chat History in chuanhuchatgpt

High

7.5

Yes

Upgrade to version 20240918

CVE-2024-6036

The server can be restarted by any user, any number of times disrupting the whole service. in chuanhuchatgpt

High

7.5

Yes

Upgrade to version 20240919

CVE-2024-6038

ReDoS Vulnerability in Chat History Filtering via Regular Expression Injection in chuanhuchatgpt

High

7.5

Yes

Upgrade to version 20240918

CVE-2024-6037

Arbitrary folder creation, at any location of the Server, including C:/ (root) dir in chuanhuchatgpt

High

7.5

Yes

Upgrade to version 20240918

CVE-2024-4321

Local File Inclusion (LFI) in chuanhuchatgpt

High

7.5

Yes

Upgrade to version 20240919-2

CVE-2024-7962

Arbitrary File Read via Insufficient Validation in Load Prompt template in chuanhuchatgpt

High

7.5

Yes

Upgrade to version 20240918

CVE-2024-7807

DOS in multipart boundry while uploading the file in chuanhuchatgpt

High

7.5

Yes

Upgrade to version 20240918

CVE-2024-4520

Any user can access the chat history of any other user without any interaction in chuanhuchatgpt

High

7.5

Yes

Upgrade to version 20240919

CVE-2024-5124

Timing Attack to guess password in chuanhuchatgpt

High

7.5

Yes

Upgrade to version 20240628

CVE-2024-7010

Timing Attack in localai

High

7.5

Yes

Upgrade to version 2.21

CVE-2024-7473

Idor update any prompts in lunary

High

7.5

Yes

Upgrade to version 1.4.3

CVE-2024-6035

Stored XSS via Chat History upload in chuanhuchatgpt

High

7.4

Yes

Upgrade to version 20240918

CVE-2024-5822

Chuanhu's upload processing interface has ssrf vulnerability in chuanhuchatgpt

High

7.3

Yes

Upgrade to version 20240410

CVE-2024-3402

Insecure model output handling leads to XSS vulnerability in chuanhuchatgpt

Medium

6.8

Yes

Upgrade to version 20240919

CVE-2024-5823

File Overwrite Vulnerability Leads to Configuration File Tampering and Denial of Service Attack Risk in chuanhuchatgpt

Medium

6.5

Yes

Upgrade to version 20240919

CVE-2024-6581

Remote code exection due to stored XSS In svg image in lollms

Medium

6.5

Yes

Upgrade to version 9.9

CVE-2024-8143

Chat history of any user can be leaked in /file endpoint in chuanhuchatgpt

Medium

6.5

Yes

Upgrade to version 20240919

CVE-2024-5278

File Upload Vulnerability may leads to RCE in chuanhuchatgpt

Medium

6.5

Yes

Upgrade to version 20240919

CVE-2024-3404

Unauthorized access to chat history in chuanhuchatgpt

Medium

6.5

Yes

Upgrade to version 20240919

CVE-2024-7774

Path Traversal in getFullPath in langchainjs

Medium

6.5

Yes

Upgrade to version 0.2.19

CVE-2024-7783

Improper Storage of Sensitive information in *** in anything-llm

Medium

5.9

Yes

Upgrade to version 1.0.3

CVE-2024-7472

Unauthorized Email Injection Vulnerability in lunary

Medium

5.3

Yes

Upgrade to version 1.4.10

CVE-2024-5998

pickle deserialization vulnerability in langchain

Medium

5.2

Yes

Upgrade to version 0.2.9

CVE-2024-7042

Prompt injection in the GraphCypherQAChain class results in SQL injection, completely compromising the database in langchainjs

Medium

4.9

Yes

Upgrade to version 0.3.1

CVE-2024-8309

Prompt injection in the GraphCypherQAChain class results in SQL injection, completely compromising the database in langchain

Medium

4.9

Yes

Upgrade to version 0.3.0

CVE-2024-6673

CSRF install_comfyui in lollms_comfyui.py in lollms-webui

Medium

4.4

Yes

Upgrade to version 9.9