967 matches found
CVE-2024-4099
GitLab Enterprise Edition (EE) is affected by CVE-2024-4099 across all versions: 16.0–16.2.x? (as per description: 16.0 up to 17.2.7, 17.3 up to 17.3.3, and 17.4 up to 17.4.0). The underlying issue involves an AI feature that reads unsanitized content, which could allow an attacker to hide prompt...
CVE-2024-4099 Improper Encoding or Escaping of Output in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsanitized content in a way that could have allowed an attacker to hide prompt injection...
CVE-2024-4099
Removed by vendor...
CVE-2024-4099 Improper Encoding or Escaping of Output in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsanitized content in a way that could have allowed an attacker to hide prompt injection...
CVE-2024-45989
Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the user's sensitive chat data of the current session to a malicious...
PT-2024-31874 · Unknown · Monica Ai Assistant
Name of the Vulnerable Software and Affected Versions: Monica AI Assistant desktop application version 2.3.0 Description: The issue allows an attacker to modify the chatbot's answer with an unloaded image, which can exfiltrate the user's sensitive chat data of the current session to a malicious...
CVE-2024-45989
Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the user's sensitive chat data of the current session to a malicious...
PT-2024-6709 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.0 through 17.2.7 GitLab EE versions 17.3 through 17.3.3 GitLab EE versions 17.4 through 17.4.0 Description: An issue has been discovered in GitLab EE affecting the AI feature, which reads unsanitized content. This could...
CVE-2024-45989
CVE-2024-45989 affects the Monica AI Assistant desktop application v2.3.0. The vulnerability is a prompt injection that allows an attacker to inject an unloaded image into chatbot answers, enabling exfiltration of the user’s current-session chat data to a malicious third party or attacker-control...
ChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory Function
A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence AI tool's memory. The technique, dubbed SpAIware, could be abused to facilitate "continuous data exfiltration of...
BIT-GITLAB-2024-7110 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection...
CVE-2024-7110
An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection...
CVE-2024-7110
An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection...
UBUNTU-CVE-2024-7110
An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection...
CVE-2024-7110
CVE-2024-7110 affects GitLab EE, spanning all versions 17.0–17.1.6, 17.2 before 17.2.4, and 17.3 before 17.3.1. The issue allows an attacker to execute arbitrary commands in a victim’s pipeline via prompt injection. The available connected documents consistently describe the vulnerability as a co...
CVE-2024-7110 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection...
CVE-2024-7110
Removed by vendor...
GitLab 17.1 < 17.1.6 / 17.2 < 17.2.4 / 17.3 < 17.3.1 (CVE-2024-7110)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeli...
GitLab Enterprise Edition 安全漏洞
GitLab Enterprise Edition EE is a content management system from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition versions 17.0 through 17.1.6, 17.2 through 17.2.4, and 17.3 through 17.3.1, which stems from an arbitrary command that can be executed via...
Gitlab -- vulnerabilities
Gitlab reports: The GitLab Web Interface Does Not Guarantee Information Integrity When Downloading Source Code from Releases Denial of Service by importing maliciously crafted GitHub repository Prompt injection in "Resolve Vulnerabilty" results in arbitrary command execution in victim's pipeline ...