CVE-2024-48139

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Published: Oct 24, 2024 / Updated: 26d ago

CVSS 7.5 / EPSS 0.04% / High

A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-48139

Oct 24, 2024 at 7:15 PM

First Article

Feedly found the first article mentioning CVE-2024-48139.

Oct 24, 2024 at 7:24 PM / National Vulnerability Database

EPSS

EPSS Score was set to: 0.04% (Percentile: 9.8%)

Oct 25, 2024 at 10:07 AM

CVSS

A CVSS base score of 7.5 has been assigned.

Oct 25, 2024 at 7:40 PM / nvd

Affected Systems

Blackbox

Attack Patterns

CAPEC-136: LDAP Injection

News

CVE-2024-48139
High Severity. Description: A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. Read more at https://www.tenable.com/cve/CVE-2024-48139
NA - CVE-2024-48139 - A prompt injection vulnerability in the chatbox...
A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a...
CVE-2024-48139 | Blackbox AI 1.3.95 Chatbox injection
A vulnerability was found in Blackbox AI 1.3.95 and classified as problematic. This issue affects some unknown processing of the component Chatbox. The manipulation leads to injection. The identification of this vulnerability is CVE-2024-48139. Access to the local network is required for this attack. There is no exploit available.
CVE-2024-48139
A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted...
CVE-2024-48139 - Blackbox AI Prompt Injection Information Disclosure Vulnerability
CVE ID: CVE-2024-48139. Published: Oct. 24, 2024, 7:15 p.m. (22 minutes ago). Description: A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. Severity: 0.0 NA. Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
