Executive Summary:
At Protect AI we are taking a proactive approach to identifying and addressing security risks in AI systems, to provide the world with critical intelligence on vulnerabilities and how to fix them.
Protect AI’s huntr is the world's first AI/ML bug bounty program. Our community of 15,000+ members hunts for impactful vulnerabilities across the entire OSS AI/ML supply chain. Through our own research and the huntr community, we have found that the tools used in the supply chain to build the machine learning models that power AI applications are vulnerable to unique security threats. These tools are open source and downloaded thousands of times a month to build enterprise AI systems, and they also likely come out of the box with vulnerabilities that can lead directly to complete system takeovers, such as unauthenticated remote code execution or local file inclusion. This report contains 20 vulnerabilities. You can find all the details of this month's vulnerabilities in the table below, or you can head over to protectai.com/sightline to search the comprehensive database of all huntr findings and download tools to detect, assess and remediate them within your organization's AI supply chain.
It is important to note that all vulnerabilities were reported to the maintainers a minimum of 45 days prior to publishing this report, and we continue to work with maintainers to ensure a timely fix prior to publication. The table also includes our recommendations for actions to take immediately if you have these projects in production. If you need help mitigating these vulnerabilities in the meantime, please reach out; we're here to help: community@protectai.com.
Remote Code Execution (RCE) in Setuptools
https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5
Impact: This vulnerability allows attackers to execute arbitrary code on the system using specially crafted package URLs.
The vulnerability in Setuptools arises from the way it handles package URLs, allowing for code injection. If an attacker can control the URL input, they can inject and execute arbitrary commands on the system. This can be exploited through various vectors, including setup configuration files, command-line arguments, and custom applications relying on Setuptools.
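The defensive counterpart to the issue described above is to treat a package URL as untrusted input: validate its scheme, host and path against a strict allow-list and pass it to the version-control tool as a separate argv element rather than splicing it into a shell command string. The following is an added example written for this report, not Setuptools' own code; the scheme list, the character set and the helper names (validate_package_url, clone_argv) are assumptions chosen for illustration.

```python
"""Validate VCS package URLs before handing them to a subprocess (added example)."""
import re
import subprocess
from urllib.parse import urlsplit, urlunsplit

# Assumption: only HTTPS-based git sources are acceptable for this installer.
ALLOWED_SCHEMES = {"https", "git+https"}
# Host: DNS labels plus optional port; no userinfo, no brackets, no shell characters.
SAFE_NETLOC = re.compile(r"[A-Za-z0-9.-]+(:\d+)?")
# Path/query/fragment: conservative set with no whitespace, quotes or shell metacharacters.
SAFE_PART = re.compile(r"[A-Za-z0-9._~/%+@:=-]*")


def unsafe_clone_command(url: str, dest: str) -> str:
    """The pattern to avoid: the URL is spliced into a shell command string, so any
    character the shell treats specially inside `url` changes the command.
    Shown for contrast only; nothing in this module executes it."""
    return f"git clone {url} {dest}"


def validate_package_url(url: str) -> str:
    """Return a normalised https URL, or raise ValueError if any component is suspect."""
    if url.startswith("-"):
        # A URL starting with '-' could be parsed by the VCS tool as an option.
        raise ValueError("URL must not look like a command-line option")
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not SAFE_NETLOC.fullmatch(parts.netloc):
        raise ValueError(f"host component rejected: {parts.netloc!r}")
    for piece in (parts.path, parts.query, parts.fragment):
        if not SAFE_PART.fullmatch(piece):
            raise ValueError(f"disallowed characters in {piece!r}")
    scheme = parts.scheme.removeprefix("git+")  # 'git+https' selects git; the tool speaks https
    return urlunsplit((scheme, parts.netloc, parts.path, parts.query, parts.fragment))


def clone_argv(url: str, dest: str) -> list[str]:
    """Build an argv list: no shell is involved, and '--' stops git from reading the
    URL as an option even if validation were ever loosened."""
    return ["git", "clone", "--", validate_package_url(url), dest]


def is_rejected(url: str) -> bool:
    """True if validation refuses the URL (used by the self-test below)."""
    try:
        validate_package_url(url)
    except ValueError:
        return True
    return False


def clone(url: str, dest: str) -> subprocess.CompletedProcess:
    """Run the clone without a shell. Needs network access; not exercised by the self-test."""
    return subprocess.run(clone_argv(url, dest), check=True, capture_output=True, text=True)


if __name__ == "__main__":
    # Constructed sample URLs.
    print(clone_argv("git+https://example.com/org/repo.git@v1.0#egg=repo", "/tmp/repo"))
    for bad in ("ftp://example.com/repo", "https://example.com/repo.git;extra",
                "https://user:pw@example.com/repo", "-x"):
        print(bad, "rejected" if is_rejected(bad) else "accepted")
```

The allow-list approach matters more than the specific character set: a URL that fails validation is refused before any process is spawned, and because the command is an argv list rather than a string, the remaining risk is confined to how the VCS tool itself interprets its one URL argument.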
Authorization Bypass in Lunary
https://huntr.com/bounties/671bd040-1cc5-4227-8182-5904e9c5ed3b
Impact: Removed users can still access, modify, and delete organizational templates, leading to unauthorized data manipulation.
The vulnerability in Lunary allows users who have been removed from an organization to continue accessing and modifying templates using old authorization tokens. This occurs because the system does not invalidate tokens upon user removal, enabling unauthorized actions such as reading, creating, editing, and deleting templates.
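The failure mode described above, a token that keeps granting access after the membership it was issued for has been revoked, comes from treating the token's claims as the source of truth. The added example below is illustrative code written for this report, not Lunary's implementation; the token format (a toy HMAC-signed payload), the OrgDirectory store and the authorize_* names are assumptions. It shows the vulnerable check beside a hardened one that re-checks membership on every request and additionally rejects tokens issued before the user's most recent removal, so that an old token does not revive if the user is later re-added.

```python
"""Stale authorization tokens after member removal: vulnerable vs hardened check (added example)."""
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-signing-key"  # constructed for the example; load from a secret store in real code


def issue_token(user: str, org: str, issued_at: float) -> str:
    """Sign {sub, org, iat} with HMAC-SHA256. Toy stand-in for a real session/JWT scheme."""
    payload = json.dumps({"sub": user, "org": org, "iat": issued_at}, sort_keys=True).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload).decode() + "." + base64.urlsafe_b64encode(sig).decode()


def verify_token(token: str) -> dict:
    """Return the claims if the signature checks out; raise PermissionError otherwise."""
    body_b64, sig_b64 = token.split(".", 1)
    payload = base64.urlsafe_b64decode(body_b64)
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, base64.urlsafe_b64decode(sig_b64)):
        raise PermissionError("bad token signature")
    return json.loads(payload)


class OrgDirectory:
    """Authoritative membership state (constructed in-memory store)."""

    def __init__(self) -> None:
        self.members: dict[str, set[str]] = {}        # org -> current members
        self.removed_at: dict[tuple[str, str], float] = {}  # (org, user) -> time of last removal

    def add(self, org: str, user: str) -> None:
        self.members.setdefault(org, set()).add(user)

    def remove(self, org: str, user: str, now: float) -> None:
        self.members.get(org, set()).discard(user)
        self.removed_at[(org, user)] = now  # revocation watermark for tokens issued earlier


def authorize_vulnerable(token: str, org: str) -> bool:
    """Trusts the org claim baked into the token. Removal from the org is invisible here,
    which is the behaviour described in the report."""
    claims = verify_token(token)
    return claims["org"] == org


def authorize_hardened(token: str, org: str, directory: OrgDirectory) -> bool:
    """Signature check, then live membership check, then issued-before-removal check."""
    claims = verify_token(token)
    if claims["org"] != org:
        return False
    if claims["sub"] not in directory.members.get(org, set()):
        return False
    removed = directory.removed_at.get((org, claims["sub"]))
    if removed is not None and claims["iat"] <= removed:
        return False  # token predates the last removal; re-adding the user does not revive it
    return True


def scenario() -> tuple[bool, bool, bool, bool]:
    """Constructed timeline: alice joins, gets a token, is removed, is later re-invited.
    Returns (vulnerable result for stale token, hardened result for stale token,
             hardened result for stale token after re-invite, hardened result for fresh token)."""
    directory = OrgDirectory()
    directory.add("acme", "alice")
    stale = issue_token("alice", "acme", issued_at=1000.0)
    directory.remove("acme", "alice", now=2000.0)
    vuln_stale = authorize_vulnerable(stale, "acme")
    hard_stale = authorize_hardened(stale, "acme", directory)
    directory.add("acme", "alice")  # re-invited later
    fresh = issue_token("alice", "acme", issued_at=3000.0)
    return (vuln_stale, hard_stale,
            authorize_hardened(stale, "acme", directory),
            authorize_hardened(fresh, "acme", directory))


if __name__ == "__main__":
    print(scenario())  # expected (True, False, False, True)
```

Either defence alone closes the reported gap; the membership lookup is the simpler one to retrofit, while the removal watermark (or an explicit revocation list) is what you need when tokens are long-lived and users can rejoin.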
Server-Side Request Forgery (SSRF) in Netaddr
https://huntr.com/bounties/dc4c3967-8951-40dc-94f1-46df7fb57060
Impact: This vulnerability can be exploited to bypass SSRF protections, potentially allowing access to internal networks.
The vulnerability in Netaddr involves the mishandling of IPv4-mapped IPv6 addresses. Functions like is_private, is_link_local, and is_loopback do not correctly identify these addresses, which can lead to SSRF attacks. Attackers can exploit this by using IPv4-mapped IPv6 addresses to bypass security checks and access internal resources.
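A robust SSRF guard classifies the address a connection will actually reach, which for an IPv4-mapped IPv6 literal is the embedded IPv4 address. The added example below is written for this report and is not netaddr's code; it uses Python's standard ipaddress module and extends the point to 6to4 addresses, which also embed an IPv4 address. The function names (unwrap_embedded_ipv4, is_internal_address) and the sample literals are constructed for illustration.

```python
"""SSRF destination check that unwraps IPv4-mapped and 6to4 IPv6 addresses (added example)."""
import ipaddress
from ipaddress import IPv4Address, IPv6Address


def unwrap_embedded_ipv4(addr):
    """Return the IPv4 address carried inside a transition-format IPv6 address, or `addr` itself.

    ::ffff:a.b.c.d (IPv4-mapped) and 2002:AABB:CCDD:: (6to4) both name an IPv4 destination,
    so that destination is what a private/loopback/link-local check must classify.
    """
    if isinstance(addr, IPv6Address):
        if addr.ipv4_mapped is not None:
            return addr.ipv4_mapped
        if addr.sixtofour is not None:
            return addr.sixtofour
    return addr


def naive_is_internal(host: str) -> bool:
    """Classifies the literal exactly as written. For '::ffff:127.0.0.1' the answer depends on
    the library and version (the report describes netaddr answering 'not loopback'), so a guard
    built this way cannot be trusted across environments."""
    addr = ipaddress.ip_address(host.strip("[]"))
    return addr.is_private or addr.is_loopback or addr.is_link_local


def is_internal_address(host: str) -> bool:
    """Hardened check: True for anything that is not a plain global unicast address.

    Raises ValueError for input that is not an IP literal, so callers fail closed; resolve
    hostnames first and run this over every address the resolver returns.
    """
    addr = unwrap_embedded_ipv4(ipaddress.ip_address(host.strip("[]")))
    return bool(addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_unspecified or addr.is_reserved)


if __name__ == "__main__":
    # Constructed samples: the mapped and 6to4 forms wrap internal IPv4 addresses.
    for sample in ("::ffff:127.0.0.1", "::ffff:10.0.0.1", "2002:a00:1::", "[::ffff:8.8.8.8]", "fe80::1"):
        print(f"{sample:22} naive={naive_is_internal(sample)!s:5} hardened={is_internal_address(sample)}")
```

The important design choice is the order of operations: unwrap first, then classify. Blocking the whole ::ffff:0:0/96 range instead would also stop legitimate dual-stack clients from reaching public IPv4 hosts, while the unwrapping version blocks exactly the destinations that the IPv4 policy already blocks.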
| CVE | Title | Severity | CVSS | Fixed | Recommendations |
| | | Critical | 9.9 | Yes | Upgrade to latest version |
| | Server-Side Template Injection in /completions endpoint in litellm | Critical | 9.8 | Yes | Upgrade to version 1.34.42 |
| | | Critical | 9.8 | Yes | Upgrade to version 3.13.1 |
| | OS Command Injection in prune_by_memory_estimation in paddle | Critical | 9.8 | Yes | Upgrade to latest version |
| | | Critical | 9.6 | Yes | Upgrade to latest version |
| | Anonymous access to import endpoint leads to anythingllm.db deletion/spoofing in anything-llm | Critical | 9.1 | Yes | Upgrade to latest version |
| | Member can read/create/modify/delete templates even after removed from organizations in lunary | Critical | 9.1 | Yes | Upgrade to version 1.2.8 |
| | Arbitrary File Write via /v1/runs API endpoint in pytorch-lightning | Critical | 9.1 | Yes | Upgrade to version 2.3.3 |
| | Remote code execution via download functions in the package_index module in setuptools | High | 8.8 | Yes | Upgrade to version 70.0 |
| | | High | 7.7 | Yes | Upgrade to latest version |
| | | High | 7.5 | Yes | Upgrade to version 1.2.8 |
| | Bypass private/linklocal/loopback IP validation Method lead to SSRF in netaddr | High | 7.5 | Yes | Upgrade to version 0.10.0 |
| | | High | 7.3 | Yes | Upgrade to version 9.5.1 |
| | | High | 7.1 | Yes | Upgrade to latest version |
| | | High | 7.1 | Yes | Upgrade to latest version |
| | | Medium | 6.5 | Yes | Upgrade to version 2.17 |
| | | Medium | 4.8 | Yes | Upgrade to version 0.2.9 |
| | | Medium | 4.2 | Yes | Upgrade to version 0.2.5 |
| | | Medium | 4.0 | Yes | Upgrade to version 70.0.1 |
| | | Low | 2.8 | Yes | Upgrade to version 1.14.2 |