all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks

Add to bookmarks
June 27, 2024, 10:04 a.m. | info@thehackernews.com (The Hacker News)

The Hacker News thehackernews.com

Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques.
The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case of prompt injection in the "ask" function that could be exploited to trick the library into executing arbitrary

ask attacks case code code execution cve cve-2024 cvss cvss score cybersecurity databases exploited flaw function high injection injection flaw library prompt prompt injection rce rce attacks remote code remote code execution researchers score security security flaw severity techniques vulnerability

Visit resource

More from thehackernews.com / The Hacker News

Google to Block Entrust Certificates in Chrome Starting November 2024 13 hours ago | thehackernews.com
address authority block blocking +18
Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data 1 day, 11 hours ago | thehackernews.com
actor chrome chrome extension collection +22
GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others 1 day, 13 hours ago | thehackernews.com
17.0.3 address cd pipeline community +23
8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining 1 day, 16 hours ago | thehackernews.com
8220 gang actor code cryptocurrency +28
Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors 1 day, 17 hours ago | thehackernews.com
accounts adoption business cloud +16
New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities 1 day, 18 hours ago | thehackernews.com
attack channel connections exploits +15
Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment 1 day, 20 hours ago | thehackernews.com
analysis commands dos emerson +16
TeamViewer Detects Security Breach in Corporate IT Environment 1 day, 22 hours ago | thehackernews.com
breach corporate cyber cyber security +17
Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads 2 days, 13 hours ago | thehackernews.com
botnet crypto cryptocurrency crypto miner +20

Jobs in InfoSec / Cybersecurity

Find Talent

Senior Systems Engineer - AWS

@ CACI International Inc | 999 REMOTE
View on infosec-jobs.com

Managing Consultant / Consulting Director / Engagement Lead in Cybersecurity Consulting

@ Marsh McLennan | Toronto - Bremner
View on infosec-jobs.com

Specialist , Fraud Investigation and SecOps

@ Concentrix | Bulgaria - Work at Home
View on infosec-jobs.com

Data Engineer, Mid

@ Booz Allen Hamilton | USA, CA, San Diego (1615 Murray Canyon Rd)
View on infosec-jobs.com

Manager, Risk Management

@ Manulife | CAN, Ontario, Toronto, 200 Bloor Street East
View on infosec-jobs.com

Regional Channel Manager (Remote - West)

@ Dell Technologies | Remote - California, United States (All Other)
View on infosec-jobs.com