Security News > 2024 > June > Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks
2024-06-27 10:04
Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case of prompt injection in the "ask" function that could be exploited to trick the library into executing arbitrary
News URL
https://thehackernews.com/2024/06/prompt-injection-flaw-in-vanna-ai.html
Related news
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- 20% of Generative AI ‘Jailbreak’ Attacks Succeed, With 90% Exposing Sensitive Data (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- From Misuse to Abuse: AI Risks and Attacks (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- AI-Assisted Attacks Top Cyber Threat For Third Consecutive Quarter, Gartner Finds (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)