A prompt injection vulnerability in the chatbox of Zhipu...
High severity
Unreviewed
Published
Oct 24, 2024
to the GitHub Advisory Database
•
Updated Oct 25, 2024
Description
Published by the National Vulnerability Database
Oct 24, 2024
Published to the GitHub Advisory Database
Oct 24, 2024
Last updated
Oct 25, 2024
A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
References