数百万AI Agent受开源软件包严重漏洞威胁:BadHost漏洞可致服务器入侵

安全研究人员警告称,全球数百万个AI Agent和工具正受到一个严重漏洞的威胁,该漏洞可能允许黑客入侵运行它们的服务器,并窃取敏感数据和第三方账户凭证。该漏洞存在于Starlette中,这是一个开源框架,其开发者称每周的下载量为3.25亿次。数千个其他开源项目也存在漏洞,因为它们需要Starlette才能工作。该框架是异步服务器网关接口(Asynchronous Server Gateway In ...
Techzine Europe

Vulnerability in open-source component puts AI platforms at risk

A serious security vulnerability in a widely used open-source Python component could put a large number of AI agents ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...
InfoWorld

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...