BIT-mlflow-2023-6568
SQL injection vulnerability in mlflow (PyPI)
What is BIT-mlflow-2023-6568 About?
A SQL injection vulnerability exists in the 'default_jsonalyzer' function of 'JSONalyzeQueryEngine' in 'run-llama/llama_index'. This flaw allows for SQL injection via prompt injection, potentially leading to arbitrary file creation and Denial-of-Service (DoS) attacks. Exploitation is possible through crafted prompts.
Affected Software
- mlflow
- <2.9.1
- <28ff3f94994941e038f2172c6484b65dc4db6ca1
- <2.9.0
Technical Details
The vulnerability is a SQL injection flaw located in the 'default_jsonalyzer' function within the 'JSONalyzeQueryEngine' of the 'run-llama/llama_index' repository. An attacker can leverage prompt injection techniques to embed malicious SQL commands into the prompts provided to the engine. Due to insufficient sanitization or parameterization of user-supplied prompt input that is later used to construct SQL queries, these embedded commands are executed on the backend database. This can lead to unauthorized data manipulation, arbitrary file creation on the database server, or cause a Denial-of-Service by executing resource-intensive queries.
What is the Impact of BIT-mlflow-2023-6568?
Successful exploitation may allow attackers to access, modify, or delete sensitive data, create arbitrary files, or cause a denial of service, leading to data compromise and system instability.
What is the Exploitability of BIT-mlflow-2023-6568?
Exploitation involves crafting malicious prompts that include SQL injection payloads, which are then processed by the 'default_jsonalyzer' function. The complexity of crafting such prompts may vary but is generally moderate. No specific authentication is explicitly mentioned as required, though access to provide prompts to the 'JSONalyzeQueryEngine' is necessary. Privilege requirements depend on the database user's permissions, but file creation and DoS are possible with standard privileges. This is a remote exploitation scenario, as an attacker can provide malicious prompts through the application's interface. The risk is high in applications that allow untrusted or user-controlled input to be processed by data query engines.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | ||
What are the Available Fixes for BIT-mlflow-2023-6568?
Available Upgrade Options
- mlflow
- <2.9.0 → Upgrade to 2.9.0
- mlflow
- <2.9.1 → Upgrade to 2.9.1
- mlflow
- <28ff3f94994941e038f2172c6484b65dc4db6ca1 → Upgrade to 28ff3f94994941e038f2172c6484b65dc4db6ca1
Struggling with dependency upgrades?
See how Resolved Security's drop-in replacements make it simple.
Book a demoAdditional Resources
- https://osv.dev/vulnerability/GHSA-vwhf-3v6x-wff8
- https://github.com/mlflow/mlflow/commit/28ff3f94994941e038f2172c6484b65dc4db6ca1
- https://huntr.com/bounties/816bdaaa-8153-4732-951e-b0d92fddf709
- https://osv.dev/vulnerability/PYSEC-2023-260
- https://github.com/mlflow/mlflow/commit/28ff3f94994941e038f2172c6484b65dc4db6ca1
- https://github.com/mlflow/mlflow
- https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-260.yaml
- https://nvd.nist.gov/vuln/detail/CVE-2023-6568
- https://huntr.com/bounties/816bdaaa-8153-4732-951e-b0d92fddf709
- https://github.com/mlflow/mlflow/commit/28ff3f94994941e038f2172c6484b65dc4db6ca1
What are Similar Vulnerabilities to BIT-mlflow-2023-6568?
Similar Vulnerabilities: CVE-2023-49942 , CVE-2023-49941 , CVE-2023-49940 , CVE-2023-49939 , CVE-2023-49938
