Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Data Poisoning in EmbedAI
Vulnerability Description
The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability due to the absence of a secure session management implementation and weak CORS policies weakness. An attacker can direct a user to a malicious webpage that exploits a CSRF vulnerability within the EmbedAI application. By leveraging this CSRF vulnerability, the attacker can deceive the user into inadvertently uploading and integrating incorrect data into the application’s language model.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
PrivateGPT 安全漏洞
Vulnerability Description
PrivateGPT是一个 AI 项目。 PrivateGPT存在安全漏洞,该漏洞源于缺乏安全会话管理实现以及CORS策略薄弱,导致存在跨站请求伪造(CSRF)漏洞。攻击者可以用该漏洞引发数据中毒攻击。
CVSS Information
N/A
Vulnerability Type
N/A