CVE-2024-48141

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Published: Oct 24, 2024 / Updated: 26d ago

CVSS 7.5 / EPSS 0.04% / Severity: High

A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-48141

Oct 24, 2024 at 7:15 PM
First Article

Feedly found the first article mentioning CVE-2024-48141. See article

Oct 24, 2024 at 7:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 24, 2024 at 7:24 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.8%)

Oct 25, 2024 at 10:07 AM
CVSS

A CVSS base score of 7.5 has been assigned.

Oct 25, 2024 at 7:40 PM / nvd

Affected Systems

Getgist/chatbox

Attack Patterns

CAPEC-136: LDAP Injection

News

CVE-2024-48141 (Tenable)
High Severity. Description: A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. Read more at https://www.tenable.com/cve/CVE-2024-48141

NA - CVE-2024-48141 - A prompt injection vulnerability in the chatbox...
A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant...

CVE-2024-48141 | Zhipu AI CodeGeeX 2.17.0 Chatbox injection
A vulnerability was found in Zhipu AI CodeGeeX 2.17.0. It has been classified as problematic. Affected is an unknown function of the component Chatbox. The manipulation leads to injection. This vulnerability is traded as CVE-2024-48141. Access to the local network is required for this attack to succeed. There is no exploit available.

CVE-2024-48141
A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted...

CVE-2024-48141 - Zhipu AI CodeGeeX Chatbox SQLInject
CVE ID: CVE-2024-48141. Published: Oct. 24, 2024, 7:15 p.m. Description: A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. Severity: 0.0 NA

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None
