
    3 vulnerabilities found for ChatGPT

    AVID-2023-V028

    Vulnerability from avid – Published: 2023-03-31 – Updated: 2023-03-31 – Class: LLM Evaluation
    Summary
    Frameworks like langchain (Python) and boxcars.ai (Ruby) offer apps and scripts to directly execute queries through LLMs as a built-in feature. In the context of boxcars.ai, this makes it really easy to perform remote code execution or SQL injection. All you have to do is ask politely! See the references for more details.
    Risk domain
    Ethics
    SEP view
    S0100: Software Vulnerability, S0201: Model Compromise, S0301: Information Leak, S0202: Software Compromise, S0601: Ingest Poisoning
    Lifecycle
    L04: Model Development, L05: Evaluation, L06: Deployment
    Organisations
    OpenAI (deployer), boxcars.ai (deployer), OpenAI (developer)
    Affected artifacts
    Artifact      Type
    ChatGPT       System
    boxcars.ai    System
    References
    URL                                                  Label
    https://blog.luitjes.it/posts/injectgpt-most-poli…   InjectGPT: the most polite exploit ever
    https://www.reddit.com/r/netsec/comments/121gpay/…   Reddit thread on InjectGPT

    {
      "affects": {
        "artifacts": [
          {
            "name": "ChatGPT",
            "type": "System"
          },
          {
            "name": "boxcars.ai",
            "type": "System"
          }
        ],
        "deployer": [
          "OpenAI",
          "boxcars.ai"
        ],
        "developer": [
          "OpenAI"
        ]
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Lucas Luitjes, N/A"
        }
      ],
      "data_type": "AVID",
      "data_version": "0.2",
      "description": {
        "lang": "eng",
        "value": "Frameworks like langchain (Python) and boxcars.ai (Ruby) offer apps and scripts to directly execute queries through LLMs as a built-in feature. In the context of boxcars.ai, this makes it really easy to perform remote code execution or SQL injection. All you have to do is ask politely! \nSee the references for more details."
      },
      "impact": {
        "avid": {
          "lifecycle_view": [
            "L04: Model Development",
            "L05: Evaluation",
            "L06: Deployment"
          ],
          "risk_domain": [
            "Ethics"
          ],
          "sep_view": [
            "S0100: Software Vulnerability",
            "S0201: Model Compromise",
            "S0301: Information Leak",
            "S0202: Software Compromise",
            "S0601: Ingest Poisoning"
          ],
          "taxonomy_version": "0.2"
        }
      },
      "last_modified_date": "2023-03-31",
      "metadata": {
        "vuln_id": "AVID-2023-V028"
      },
      "problemtype": {
        "classof": "LLM Evaluation",
        "description": {
          "lang": "eng",
          "value": "It is possible to make ChatGPT perform remote code execution just by asking politely"
        },
        "type": "Advisory"
      },
      "published_date": "2023-03-31",
      "references": [
        {
          "label": "InjectGPT: the most polite exploit ever",
          "type": "source",
          "url": "https://blog.luitjes.it/posts/injectgpt-most-polite-exploit-ever/"
        },
        {
          "label": "Reddit thread on InjectGPT",
          "type": "source",
          "url": "https://www.reddit.com/r/netsec/comments/121gpay/injectgpt_remote_code_execution_by_asking_nicely/"
        }
      ],
      "reports": [
        {
          "name": "It is possible to make ChatGPT perform remote code execution just by asking politely",
          "report_id": "AVID-2023-R0004",
          "type": "Advisory"
        }
      ]
    }

    AVID-2023-V026

    Vulnerability from avid – Published: 2023-03-31 – Updated: 2023-03-31 – Class: LLM Evaluation
    Summary
    When prompting ChatGPT with lexical constraints, e.g. "Generate a text without the letter 'e' in it", ChatGPT almost always fails to follow these constraints.
    Risk domain
    Performance
    SEP view
    P0204: Accuracy
    Lifecycle
    L02: Data Understanding, L04: Model Development, L05: Evaluation, L06: Deployment
    Organisations
    OpenAI (deployer), OpenAI (developer)
    Affected artifacts
    Artifact      Type
    ChatGPT       System
    References
    URL                                                  Label
    https://www.gwern.net/GPT-3#bpes                     Gwern's analysis of lexical constraints and ChatGPT
    https://paperswithcode.com/paper/most-language-mo…   Most Language Models can be Poets too: An AI Writing Assistant and Constrained Text Generation Studio

    {
      "affects": {
        "artifacts": [
          {
            "name": "ChatGPT",
            "type": "System"
          }
        ],
        "deployer": [
          "OpenAI"
        ],
        "developer": [
          "OpenAI"
        ]
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Allen Roush, Oracle Corporation"
        }
      ],
      "data_type": "AVID",
      "data_version": "0.2",
      "description": {
        "lang": "eng",
        "value": "When prompting ChatGPT with lexical constraints, e.g. \"Generate a text without the letter \"e\" in it\", ChatGPT almost always fails to follow these constraints. "
      },
      "impact": {
        "avid": {
          "lifecycle_view": [
            "L02: Data Understanding",
            "L04: Model Development",
            "L05: Evaluation",
            "L06: Deployment"
          ],
          "risk_domain": [
            "Performance"
          ],
          "sep_view": [
            "P0204: Accuracy"
          ],
          "taxonomy_version": "0.2"
        }
      },
      "last_modified_date": "2023-03-31",
      "metadata": {
        "vuln_id": "AVID-2023-V026"
      },
      "problemtype": {
        "classof": "LLM Evaluation",
        "description": {
          "lang": "eng",
          "value": "ChatGPT fails to follow lexical constraints"
        },
        "type": "Advisory"
      },
      "published_date": "2023-03-31",
      "references": [
        {
          "label": "Gwern\u0027s analysis of lexical constraints and ChatGPT",
          "type": "source",
          "url": "https://www.gwern.net/GPT-3#bpes"
        },
        {
          "label": "Most Language Models can be Poets too: An AI Writing Assistant and Constrained Text Generation Studio",
          "type": "source",
          "url": "https://paperswithcode.com/paper/most-language-models-can-be-poets-too-an-ai"
        }
      ],
      "reports": [
        {
          "name": "ChatGPT fails to follow lexical constraints",
          "report_id": "AVID-2023-R0002",
          "type": "Advisory"
        }
      ]
    }

    AVID-2023-V027

    Vulnerability from avid – Published: 2023-03-31 – Updated: 2023-03-31 – Class: LLM Evaluation
    Summary
    When asked to recommend papers on explainability, privacy, adversarial ML, etc., ChatGPT recommends papers that (a) may not always exist, (b) mix up correct and incorrect information (e.g. a correct title but the wrong authors), or (c) have incomplete author information.
    Risk domain
    Ethics
    SEP view
    E0402: Generative Misinformation
    Lifecycle
    L05: Evaluation, L06: Deployment
    Organisations
    OpenAI (deployer), OpenAI (developer)
    Affected artifacts
    Artifact      Type
    ChatGPT       System
    References
    URL                                                  Label
    ../img/R00031.png                                    Screenshot of example answer

    {
      "affects": {
        "artifacts": [
          {
            "name": "ChatGPT",
            "type": "System"
          }
        ],
        "deployer": [
          "OpenAI"
        ],
        "developer": [
          "OpenAI"
        ]
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Jaydeep Borkar, N/A"
        }
      ],
      "data_type": "AVID",
      "data_version": "0.2",
      "description": {
        "lang": "eng",
        "value": "When asked to recommend papers on explainability, privacy, adversarial ML, etc. ChatGPT recommends papers that (a) may not always exist, (b) mixes up correct and incorrect information, e.g. correct title but wrong authors, or (c) have incomplete information on authors."
      },
      "impact": {
        "avid": {
          "lifecycle_view": [
            "L05: Evaluation",
            "L06: Deployment"
          ],
          "risk_domain": [
            "Ethics"
          ],
          "sep_view": [
            "E0402: Generative Misinformation"
          ],
          "taxonomy_version": "0.2"
        }
      },
      "last_modified_date": "2023-03-31",
      "metadata": {
        "vuln_id": "AVID-2023-V027"
      },
      "problemtype": {
        "classof": "LLM Evaluation",
        "description": {
          "lang": "eng",
          "value": "ChatGPT generates false or incomplete references to scientific literature"
        },
        "type": "Issue"
      },
      "published_date": "2023-03-31",
      "references": [
        {
          "label": "Screenshot of example answer",
          "type": "screenshot",
          "url": "../img/R00031.png"
        }
      ],
      "reports": [
        {
          "name": "ChatGPT links wrong authors to papers",
          "report_id": "AVID-2023-R0003",
          "type": "Issue"
        }
      ]
    }