AI Risk Database

Vulnerabilities in Linked Code

0
0

Vulnerability Info

Report Idreport-1e24ac9a3c504b328da33cfff3603030
Vulnerability Typesecurity
Model Namejordiclive/flan-t5-11b-summarizer-filtered-1.5-epoch
Model Versione7759633729662da63b90aab7ec96327007e1f8b
Created Date2024/06/27
Reported Byindiana-university

Description

Vulnerability Summary

The model jordiclive/flan-t5-11b-summarizer-filtered-1.5-epoch is associated with a code repository https://github.com/facebookresearch/contriever for which 42 CWEs (including 12 high severity vulnerabilities) were identified. The weaknesses and vulnerabilities listed here are for informational purposes about the model supply chain and may not be explicit in the model itself.

The model associated with jordiclive/flan-t5-11b-summarizer-filtered-1.5-epoch has been found to have 7 Common Weakness Enumerations (CWEs), including 2 high severity vulnerabilities.

The identified weaknesses include:

  1. CWE-73: External Control of File Name or Path
  2. CWE-676: Use of Potentially Dangerous Function
  3. CWE-502: Deserialization of Untrusted Data
  4. CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  5. CWE-703: Improper Check or Handling of Exceptional Conditions
  6. CWE-330: Use of Insufficiently Random Values
  7. CWE-259: Use of Hard-coded Password

The GitHub repository is linked in the huggingface README.md.

The vulnerabilities were discovered using Semgrep and Bandit.

URL: https://huggingface.co/jordiclive/flan-t5-11b-summarizer-filtered-1.5-epoch

PURL: pkg:huggingface/jordiclive/flan-t5-11b-summarizer-filtered-1.5-epoch@e7759633729662da63b90aab7ec96327007e1f8b

SHA: e7759633729662da63b90aab7ec96327007e1f8b

Author: jordiclive

Tags: ['transformers', 'pytorch', 't5', 'text2text-generation', 'summarization', 'extractive', 'summary', 'abstractive', 'multi-task', 'document summary', 'en', 'dataset:jordiclive/scored_summarization_datasets', 'dataset:jordiclive/wikipedia-summary-dataset', 'license:apache-2.0', 'license:bsd-3-clause', 'autotrain_compatible', 'endpoints_compatible', 'text-generation-inference', 'region:us']

Downloads: 3

Likes: 3

GitHub Link: https://github.com/facebookresearch/contriever

Low Severity Weaknesses: 28

Medium Severity Weaknesses: 2

High Severity Weaknesses: 12

Total Weaknesses Identified: 42

Common Weaknesses Enumerations (CWEs) Identified:

CWEDescriptionURL
CWE - 73 : External Control of File Name or PathThis could allow an attacker to access or modify system files or other files that are critical to the application. Path manipulation errors occur when the following two conditions are met: 1. An attacker can specify a path used in an operation on the filesystem. 2. By specifying the resource, the attacker gains a capability that would not otherwise be permitted. For example, the program may give the attacker the ability to overwrite the specified file or run with a configuration controlled by the attacker.73
CWE - 676 : Use of Potentially Dangerous FunctionThe product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.676
CWE - 502 : Deserialization of Untrusted DataIt is often convenient to serialize objects for communication or to save them for later use. However, deserialized data or code can often be modified without using the provided accessor functions if it does not use cryptography to protect itself. Furthermore, any cryptography would still be client-side security -- which is a dangerous security assumption. Data that is untrusted can not be trusted to be well-formed. When developers place no restrictions on gadget chains, or series of instances and method invocations that can self-execute during the deserialization process (i.e., before the object is returned to the caller), it is sometimes possible for attackers to leverage them to perform unauthorized actions, like generating a shell.502
CWE - 78 : Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')This could allow attackers to execute unexpected, dangerous commands directly on the operating system. This weakness can lead to a vulnerability in environments in which the attacker does not have direct access to the operating system, such as in web applications. Alternately, if the weakness occurs in a privileged program, it could allow the attacker to specify commands that normally would not be accessible, or to call alternate commands with privileges that the attacker does not have. The problem is exacerbated if the compromised process does not follow the principle of least privilege, because the attacker-controlled commands may run with special system privileges that increases the amount of damage. There are at least two subtypes of OS command injection: The application intends to execute a single, fixed program that is under its own control. It intends to use externally-supplied inputs as arguments to that program. For example, the program might use system(nslookup [HOSTNAME]) to run nslookup and allow the user to supply a HOSTNAME, which is used as an argument. Attackers cannot prevent nslookup from executing. However, if the program does not remove command separators from the HOSTNAME argument, attackers could place the separators into the arguments, which allows them to execute their own program after nslookup has finished executing. The application accepts an input that it uses to fully select which program to run, as well as which commands to use. The application simply redirects this entire command to the operating system. For example, the program might use exec([COMMAND]) to execute the [COMMAND] that was supplied by the user. If the COMMAND is under attacker control, then the attacker can execute arbitrary commands or programs. If the command is being executed using functions like exec() and CreateProcess(), the attacker might not be able to combine multiple commands together in the same line. From a weakness standpoint, these variants represent distinct programmer errors. In the first variant, the programmer clearly intends that input from untrusted parties will be part of the arguments in the command to be executed. In the second variant, the programmer does not intend for the command to be accessible to any untrusted party, but the programmer probably has not accounted for alternate ways in which malicious attackers can provide input.78
CWE - 703 : Improper Check or Handling of Exceptional ConditionsThe product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.703
CWE - 330 : Use of Insufficiently Random ValuesWhen product generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information.330
CWE - 259 : Use of Hard-coded PasswordA hard-coded password typically leads to a significant authentication failure that can be difficult for the system administrator to detect. Once detected, it can be difficult to fix, so the administrator may be forced into disabling the product entirely. There are two main variations: Inbound: the product contains an authentication mechanism that checks for a hard-coded password. Outbound: the product connects to another system or component, and it contains hard-coded password for connecting to that component. In the Inbound variant, a default administration account is created, and a simple password is hard-coded into the product and associated with that account. This hard-coded password is the same for each installation of the product, and it usually cannot be changed or disabled by system administrators without manually modifying the program, or otherwise patching the product. If the password is ever discovered or published (a common occurrence on the Internet), then anybody with knowledge of this password can access the product. Finally, since all installations of the product will have the same password, even across different organizations, this enables massive attacks such as worms to take place. The Outbound variant applies to front-end systems that authenticate with a back-end service. The back-end service may require a fixed password which can be easily discovered. The programmer may simply hard-code those back-end credentials into the front-end product. Any user of that program may be able to extract the password. Client-side systems with hard-coded passwords pose even more of a threat, since the extraction of a password from a binary is usually very simple.259