CVE-2024-48918

Name of the Vulnerable Software and Affected Versions RDS Light versions prior to 1.1.0

Description The issue involves a lack of input validation within the RDS AI framework, specifically within the user input handling code in the main module (main.py). This leaves the framework open to injection attacks and potential memory tampering. Any user or external actor providing input to the system could exploit this vulnerability to inject malicious commands, corrupt stored data, or affect API calls. This is particularly critical for users employing RDS AI in production environments where it interacts with sensitive systems, performs dynamic memory caching, or retrieves user-specific data for analysis.

Recommendations For versions prior to 1.1.0, upgrade to version 1.1.0 or higher and ensure all dependencies are updated to their latest versions. As a temporary workaround for users unable to upgrade to the patched version, implement custom validation checks for user inputs to filter out unsafe characters and patterns (e.g., SQL injection attempts, script injections) and limit or remove features that allow user input until the system can be patched.