Back to directory
WRITEUP #304

My LLM Bug Bounty Journey on Hugging Face Hub via Protect AI

AI / LLMLLMInsecure deserializationRCE
byPeng Zhou
Bounty
3,250
Program
Hugging FaceProtect AI
Published
May 11, 2024
Added to HackDex
May 11, 2024
Read Full Writeuphttps://medium.com/@zpbrent/my-llm-bug-bounty-journey-on-hugging-face-hub-via-protect-ai-9f3a1bc72c2e
RELATED WRITEUPS
Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough
AI / LLMAI
Attacking PowerShell CLIXML Deserialization
DeserializationInsecure deserialization
Getting code execution on Veeam through CVE-2023-27532
RCEInsecure deserialization
Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information
AI / LLMAI
Google AI Studio: LLM-Powered Data Exfiltration Hits Again! Quickly Fixed.
AI / LLMAI

Built with ❤️ by Shubham Rawat