Torinriley

**Name of the Vulnerable Software and Affected Versions** ACON (affected versions not specified) **Description** A potential issue has been identified in the input validation process of the ACON library, which could lead to arbitrary code execution if exploited. This could allow an attacker to submit malicious input data, bypassing input validation, resulting in remote code execution in certain machine learning applications using the ACON library. Machine learning models or applications that ingest user-generated data without proper sanitization are the most at risk. Users running ACON on production servers are at heightened risk, as the issue could be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RDS Light versions prior to 1.1.0 **Description** The issue involves a lack of input validation within the RDS AI framework, specifically within the user input handling code in the main module (`main.py`). This leaves the framework open to injection attacks and potential memory tampering. Any user or external actor providing input to the system could exploit this vulnerability to inject malicious commands, corrupt stored data, or affect API calls. This is particularly critical for users employing RDS AI in production environments where it interacts with sensitive systems, performs dynamic memory caching, or retrieves user-specific data for analysis. **Recommendations** For versions prior to 1.1.0, upgrade to version 1.1.0 or higher and ensure all dependencies are updated to their latest versions. As a temporary workaround for users unable to upgrade to the patched version, implement custom validation checks for user inputs to filter out unsafe characters and patterns (e.g., SQL injection attempts, script injections) and limit or remove features that allow user input until the system can be patched.