CVE-2024-5184 Vulnerability Details

CVE-2024-5184 Metadata Quick Info

CVE Published: 05/06/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: SNPS | Vendor: EmailGPT | Product: EmailGPT
Status: PUBLISHED

CVE-2024-5184 Description

The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or execute unwanted prompts. When a user submits a malicious prompt to EmailGPT that requests harmful information, the system responds by providing the requested data. This vulnerability can be exploited by any individual with access to the service.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-74
CWE Name: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Source: EmailGPT

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-43
CAPEC Description: CAPEC-43: Exploiting Multiple Input Interpretation Layers


Source: NVD (National Vulnerability Database).