CVE-2024-5185

HIGH Year: 2024
CVSS v3 Score
7.3
High
Weakness Type
CWE-352
View all →

Vulnerability Description

The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability due to the absence of a secure session management implementation and weak CORS policies weakness. An attacker can direct a user to a malicious webpage that exploits a CSRF vulnerability within the EmbedAI application. By leveraging this CSRF vulnerability, the attacker can deceive the user into inadvertently uploading and integrating incorrect data into the application’s language model.

Related Vulnerabilities

CVE-2017-14362

HIGH
CVSS:7.3(High)

Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack.

CWE-3522017

CVE-2018-13800

HIGH
CVSS:7.3(High)

A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is...

CWE-3522018

CVE-2021-4017

HIGH
CVSS:7.3(High)

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

CWE-3522021

CVE-2022-43470

HIGH
CVSS:7.3(High)

Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +...

CWE-3522022

CVE-2023-5036

HIGH
CVSS:7.3(High)

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.

CWE-3522023

CVE-2024-28731

HIGH
CVSS:7.3(High)

Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forward...

CWE-3522024