CVE-2024-48141

Published Oct 24, 2024

Last updated 23 days ago

Overview

Description: A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
Source: cve@mitre.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-77

Hype score: Not currently trending

CVE-2024-48141 A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between t… https://t.co/UlaZrpr2bd
@CVEnew
24 Oct 2024
308 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References