Data Extraction
Data extraction attacks target the information processed or memorised by AI/ML systems. They take three main forms. First, training-data extraction: large language models can memorise verbatim spans of their training corpus, and an attacker who crafts the right prompts can pull back PII, API keys, or copyrighted text — a result demonstrated against GPT-2 by Carlini et al. and reproduced against several production models. Second, model extraction: by repeatedly querying a hosted model and observing outputs, an attacker can reconstruct enough behaviour to clone proprietary fine-tunes. Third, system-prompt and conversation leakage: indirect prompt injection or insecure logging can leak the application's instructions and other users' conversations. Multi-tenant inference platforms (vLLM, Triton, hosted APIs) and RAG systems are particularly exposed. Defenses: output filtering, differential privacy in training, rate limits, and strict tenant isolation.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | GHSA-6pcv-j4jx-m4vx | Flowise: unauthenticated SSO config exposes OAuth secrets | flowise | 5.3 |
| LOW | GHSA-gj9q-8w99-mp8j | openclaw: TOCTOU race bypasses exec script preflight | openclaw | - |
| HIGH | GHSA-rg3h-x3jw-7jm5 | PraisonAI: SQL injection across 9 DB backends | praisonaiagents | 8.1 |
| MEDIUM | GHSA-f934-5rqf-xx47 | OpenClaw: path traversal in memory_get reads arbitrary workspace files | openclaw | - |
| HIGH | GHSA-mr34-9552-qr95 | openclaw: path traversal leaks files and NTLM credentials | openclaw | - |
| MEDIUM | GHSA-f7fh-qg34-x2xh | openclaw: CDP SSRF enables internal host pivot | openclaw | - |
| MEDIUM | GHSA-jhpv-5j76-m56h | OpenClaw: auth bypass leaks host files via media path | openclaw | - |
| HIGH | GHSA-66r7-m7xm-v49h | openclaw: path traversal exposes host files via media tags | openclaw | - |
| MEDIUM | GHSA-536q-mj95-h29h | openclaw: SSRF bypass via browser navigation guard gap | openclaw | - |
| MEDIUM | GHSA-qmwg-qprg-3j38 | openclaw: CDP pivot bypasses file:// navigation guards | openclaw | - |
| MEDIUM | GHSA-527m-976r-jf79 | openclaw: SSRF bypass in existing browser session routes | openclaw | - |
| MEDIUM | GHSA-rj2p-j66c-mgqh | openclaw: SSRF policy bypass in browser tab actions | openclaw | - |
| HIGH | GHSA-525j-hqq2-66r4 | openclaw: CDP relay exposes browser DevTools on 0.0.0.0 | openclaw | - |
| MEDIUM | GHSA-53vx-pmqw-863c | openclaw: Browser SSRF exposes internal services by default | openclaw | - |
| MEDIUM | GHSA-xq94-r468-qwgj | openclaw: DNS rebinding bypasses browser SSRF protection | openclaw | - |
| MEDIUM | GHSA-2767-2q9v-9326 | openclaw: QQBot SSRF leaks internal service responses | openclaw | - |
| MEDIUM | GHSA-c9h3-5p7r-mrjh | openclaw: path traversal bypasses media sandbox | openclaw | - |
| MEDIUM | GHSA-c4qm-58hj-j6pj | openclaw: SSRF bypass exposes internal pages in browser tool | openclaw | - |
| HIGH | GHSA-8372-7vhw-cm6q | openclaw: config redaction bypass exposes provider API keys | openclaw | - |
| MEDIUM | GHSA-jwrq-8g5x-5fhm | openclaw: auth context reuse enables privilege escalation | openclaw | - |