AI/ML, Vulnerability Management

Critical vulnerabilities in open-source tools for AI identified

Share
AI-generated code

Open-source tools for artificial intelligence Setuptools, Lunary, and Netaddr were discovered to be impacted by critical vulnerabilities, all of which have already been addressed, reports SiliconAngle.

Attackers could have leveraged the issue in the Setuptools Python package — which is used to facilitate Python library management and installation in AI models — to enable arbitrary code execution via specially crafted package URLs, while the authorization bypass flaw in the Lunary developer platform for improving large language model-based apps could have been exploited to allow persistent organizational template access and modification, as well as data alteration, an analysis from Protect AI showed. On the other hand, exploitation of the server-side request forgery flaw in the Netaddr Python library for altering AI projects' network addresses could allow threat actors to evade SSRF protections and infiltrate internal networks, the study revealed. All of the vulnerabilities were discovered via the AI and machine learning bug bounty program of Protect AI.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.