
In Localhost We Trust: Exploring Vulnerabilities in Cortex.cpp, Jan’s AI Engine
Discover critical security vulnerabilities recently found in Cortex.cpp, the engine behind the local AI platform Jan AI, revealing that self-hosted AI isn't automatically secure. Learn how attackers could exploit these flaws and the importance of prioritizing security in the growing ecosystem of on-premise AI solutions.
OpenCart Vulnerability Research (v4.0.2.3/3.0.3.9)
Discover the security vulnerabilities in OpenCart's admin and customer functionalities, including XSS, Zip Slip, and SQL Injection exploits. Learn how these flaws impact e-commerce systems and how attackers can exploit them for remote code execution.
Proxmox VE CVE-2024-21545 - Tricking the API into giving you the keys
Read about a critical vulnerability (CVE-2024-21545) in Proxmox VE that allows attackers to gain full control of the system. By exploiting a flaw in the API handling, attackers with limited permissions can steal sensitive files and forge session tokens for a complete system takeover.
Remote Code Execution with Spring Boot 3.4.0 Properties
This article introduces two methods for leveraging Logback configuration to achieve Remote Code Execution (RCE) in Spring Boot applications. These techniques are effective on the latest version of Spring Boot, with the second approach requiring no additional dependencies.
Don’t Get Too Comfortable: Hacking ComfyUI Through Custom Nodes
This research focuses on ComfyUI, a popular Stable Diffusion platform with over 1,300 custom node extensions available. Through real-world examples, we demonstrate how even seemingly minor vulnerabilities in custom nodes can lead to full server compromise, and we explore practical strategies for securing applications that rely on third-party plugin ecosystems to minimize these risks.
GitFlops: The dangers of terraform automation platforms
Terraform automation platforms streamline infrastructure management but also introduce security vulnerabilities when speculative plans are executed. Read how attackers can exploit Terraform lifecycle automation to gain unauthorized cloud access, compromising environments far beyond a single team's control. Learn about the attack vectors, including malicious provider plugins and external data sources, and discover essential mitigation strategies to safeguard your infrastructure.