November 4, 2024: JFrog Exposes Critical ML Platform Vulnerabilities - A JFrog report uncovers significant security flaws in machine learning platforms and highlights how vulnerable they are compared to more mature software categories. Key issues include a directory traversal vulnerability in the Weights & Biases Weave toolkit (CVE-2024-7340) and an improper access control flaw in ZenML Cloud. Also noted are vulnerabilities in AI-centric database frameworks like Deep Lake and a prompt injection flaw in Vanna AI. These weaknesses enable unauthorized access and remote code execution, posing serious risks to ML model integrity and data security.