Skip to content

Critical AI Tool Vulnerabilities Let Attackers Execute Arbitrary Code

  • by
Kubernetes Security on AWS

Multiple critical flaws in the infrastructure supporting AI models have been uncovered by researchers, which raise the risk of server takeover, theft of sensitive information, model poisoning, and unauthorized access.

Affected are platforms that are essential for hosting and deploying large language models, including Ray, MLflow, ModelDB, and H20. While some vulnerabilities have been addressed, others have not received a patch.

Researchers discovered a wide range of vulnerabilities in the tools used in the supply chain for building chatbots and other kinds of AI/ML models, according to Protect AI’s November Vulnerability Report.

“Many of these OSS tools, frameworks, and artifacts, come out of the box with vulnerabilities that can lead directly to complete system takeovers such as unauthenticated remote code execution or local file inclusion vulnerabilities”, reads the report.

Details of the Affected Platforms

Large language models (LLM), as well as other ML platforms and AIs, are hosted, deployed, and shared via the impacted platforms.

Free Webinar

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked. The session will cover: an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

These consist of the machine learning management platform ModelDB, the machine learning lifecycle platform MLflow, the machine learning platform Ray, which is used for the distributed training of machine learning models, and the open-source Java-based H20 version 3 machine learning platform.

List of Critical Vulnerabilities Patched

  • CVE-2023-6021 with CVSS Score 9.3, Ray Log File Local File Include. 
  • CVE-2023-6020 with CVSS Score 9.3 Ray Static File Local File Include.
  • CVE-2023-6019 with CVSS Score of 10, Ray Command Injection in cpu_profile parameter.
  • CVE-2023-1177 with CVSS Score of 9.3, MLflow Local File Include via Model Versions API.
  • CVE-2023-6014 with CVSS Score of 9.1, MLflow Authentication Bypass.
  • CVE-2023-6015 with CVSS Score of 10, MLflow Arbitrary File Upload.

List of Critical Vulnerabilities Unpatched

  • CVE-2023-6013 with CVSS Score of 9.3, H2O Stored XSS/LFI.
  • CVE-2023-6038 with CVSS Score of 9.3, H2O Local File Include.
  • CVE-2023-6016 with CVSS Score of 10, H2O Remote Code Execution via POJO Model Import.
  • CVE-2023-6018 with CVSS score of 10, MLflow Arbitrary File Write.


Users are recommended to “Upgrade to the latest non-vulnerable version” for fixed vulnerabilities. “Restrict access to the web application” for unpatched vulnerabilities. 

Experience how StorageGuard eliminates the security blind spots in your storage systems, try a 14-day free trial.

Source link

%d bloggers like this: