Threat Intelligence

Live CVE feed

299 threats tracked across 7 launch stacks — sourced from NVD, GHSA, CISA KEV, OSV, npm Audit, and EPSS.

299threats · All threats· page 10/15
Get guardrails →

python-jose denial of service via compressed JWE content

python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.

OWASP A06LLM10OWASP Web
Get guardrail →
2 rules

python-jose algorithm confusion with OpenSSH ECDSA keys

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.

OWASP A02OWASP Web
Get guardrail →
2 rules

langchain vulnerable to path traversal

langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution. The issue lies in the handling of file paths in the mset and mget methods, where user-supplied input is not adequately sanitized, allowing directory traversal sequences to reach unintended directories.

OWASP A01OWASP LLM
Get guardrail →
2 rules

llama-index-core Command Injection vulnerability

A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by crafting input that does not contain an underscore but still results in the execution of OS commands. The vulnerability allows for remote code execution (RCE) on the server hosting the application.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →

gradio vulnerable to Path Traversal

An issue was discovered in gradio-app/gradio, where the /component_server endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the move_resource_to_block_cache() method of the Block class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via launch(share=True), thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on huggingface.co are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.

2 rules

gradio Server-Side Request Forgery vulnerability

An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.

2 rules

Pydantic regular expression denial of service

Regular expression denial of service in Pydantic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.

2 rules

llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution

A vulnerability was identified in the exec_utils class of the llama_index package, specifically within the safe_eval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method restrictions and execute unauthorized code. The vulnerability is a bypass of the previously addressed CVE-2023-39662, demonstrated through a proof of concept that creates a file on the system by exploiting the flaw.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →

gradio Server-Side Request Forgery vulnerability

An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the /proxy route. Attackers can exploit this vulnerability by manipulating the self.replica_urls set through the X-Direct-Url header in requests to the / and /config routes, allowing the addition of arbitrary URLs for proxying. This flaw enables unauthorized proxying of requests and potential access to internal endpoints within the Hugging Face space. The issue arises from the application's inadequate checking of safe URLs in the build_proxy_request function.

OWASP A10LLM02 · Insecure OutputOWASP LLM
Get guardrail →
2 rules

LangChain's XMLOutputParser vulnerable to XML Entity Expansion

The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard python library which has some XML vulnerabilities; see: https://docs.python.org/3/library/xml.html This primarily affects users that combine an LLM (or agent) with the XMLOutputParser and expose the component via an endpoint on a web-service. This would allow a malicious party to attempt to manipulate the LLM to produce a malicious payload for the parser that would compromise the availability of the service. A successful attack is predicated on: 1. Usage of XMLOutputParser 2. Passing of malicious input into the XMLOutputParser either directly or by trying to manipulate an LLM to do so on the users behalf 3. Exposing the component via a web-service

2 rules

Gradio apps vulnerable to timing attacks to guess password

Impact This security policy is with regards to a timing attack that allows users of Gradio apps to potentially guess the password of password-protected Gradio apps. This relies on the fact that string comparisons in Python terminate early, as soon as there is a string mismatch. Because Gradio apps are, by default, not rate-limited, a user could brute-force millions of guesses to figure out the correct username and password. Patches Yes, the problem has been patched in Gradio version 4.19.2 or higher. We have no knowledge of this exploit being used against users of Gradio applications, but we encourage all users to upgrade to Gradio 4.19.2 or higher. Fixed in: https://github.com/gradio-app/gradio/commit/e329f1fd38935213fe0e73962e8cbd5d3af6e87b

Gradio Path Traversal vulnerability

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.

OWASP A01OWASP LLM
Get guardrail →
2 rules

SQL injection in llama-index

LlamaIndex (aka llama_index) through 0.9.35 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Drop the Students table" within English language input.

OWASP A03OWASP LLM
Get guardrail →

Gradio makes the `/file` secure against file traversal and server-side request forgery attacks

Older versions of gradio contained a vulnerability in the /file route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with share=True, or on Hugging Face Spaces) if they knew the path of files to look for. This was not possible through regular URLs passed into a browser, but it was possible through the use of programmatic tools such as curl with the --pass-as-is flag. Furthermore, the /file route in Gradio apps also contained a vulnerability that made it possible to use it for SSRF attacks. Both of these vulnerabilities have been fixed in gradio==4.11.0

OWASP A01OWASP LLM
Get guardrail →

transformers has a Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.

OWASP A08LLM05 · Supply ChainOWASP LLM
Get guardrail →
2 rules

transformers has a Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.0.

OWASP A08LLM05 · Supply ChainOWASP LLM
Get guardrail →
2 rules

Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository gradio-app/gradio prior to main.

OWASP A03LLM01 · Prompt InjectionLLM02 · Insecure OutputOWASP LLM
Get guardrail →

Langchain Server-Side Request Forgery vulnerability

In Langchain before 0.0.329, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.

OWASP A03OWASP A10LLM02 · Insecure OutputOWASP LLM
Get guardrail →
2 rules

Langchain SQL Injection vulnerability

In Langchain before 0.0.247, prompt injection allows execution of arbitrary code against the SQL service provided by the chain.

OWASP A03OWASP LLM
Get guardrail →

Showing 181200 of 299 threats