Esteban Tonglet

**Name of the Vulnerable Software and Affected Versions** Flair versions 0.4.1 through latest **Description** The deserialization of untrusted data in the `LanguageModel` class can lead to arbitrary code execution when loading a malicious model. **Recommendations** Versions prior to 0.4.1 are not affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ChromaDB versions 1.0.0 through 1.5.8 **Description** A pre-authentication code injection issue exists in the ChromaDB Python project. An unauthenticated remote attacker can execute arbitrary code on the server by sending a request to the '/api/v2/tenants/{tenant}/databases/{db}/collections' endpoint. The attack is performed by providing a malicious model repository (such as a Hugging Face model) and setting the `trust remote code` variable to true. The server processes the model configuration and executes the code before performing authentication checks, allowing for full server takeover, privilege escalation, lateral movement, and the theft of sensitive information including API keys and environment variables. Over 4,500 instances have been identified online, with approximately 73% of exposed instances estimated to be vulnerable. **Recommendations** Restrict network access to the ChromaDB port to trusted clients only. As a temporary workaround, switch to the Rust-based execution method (chroma run or Docker images) as the Python-based FastAPI server is the only affected component.

**Name of the Vulnerable Software and Affected Versions** Lablup's BackendAI (affected versions not specified) **Description** The issue is related to missing authorization in Lablup's BackendAI, allowing attackers to take over all active sessions. This enables them to access, steal, or alter any data accessible within the session. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lablup's BackendAI (affected versions not specified) **Description** The issue concerns a missing authentication mechanism in the registration feature, allowing arbitrary users to create accounts that can access private data, even when registration is supposed to be disabled. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lablup's BackendAI (affected versions not specified) **Description** The issue allows attackers to expose sensitive data in active sessions, enabling them to retrieve credentials for users on the management platform. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.