
Unpatched ChromaDB flaw leaves servers open to remote code execution

The vulnerability stems from a race condition between the code ChromaDB uses to parse embedding model references and the code it uses to perform an authentication check. Attackers can exploit the flaw by sending requests to load malicious model configurations hosted on Hugging Face.

“The authentication is not missing, it’s just in the wrong place,” researchers from security firm HiddenLayer said in their report. “By the time it fires, the model has already been fetched and executed. The server rejects the request, returns a 500, and the attacker’s payload has already run.”
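The ordering defect the researchers describe, reduced to a simplified request-handler model. This is an added illustration, not ChromaDB's code; the request field name `embedding_function`, the token field and the `hf://` reference string are assumptions chosen for the example. The vulnerable handler resolves the model reference (a side-effecting step standing in for fetching and executing a model configuration) before authenticating, so an unauthenticated request still triggers the fetch even though the response is an error; the fixed handler authenticates before touching any request data.

```python
"""Simplified model of an authentication check placed after a side-effecting
parse step. Not ChromaDB's code; field names are assumptions for the example."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Request:
    token: Optional[str]   # assumed: caller's API token, None if absent
    body: dict             # assumed: JSON body with an "embedding_function" key


@dataclass
class Server:
    api_token: str
    fetched_models: List[str] = field(default_factory=list)  # observed side effects

    def _authorize(self, req: Request) -> None:
        if req.token != self.api_token:
            raise PermissionError("unauthorized")

    def _resolve_embedding_model(self, req: Request) -> str:
        # Stands in for downloading and executing a model configuration
        # referenced by untrusted input: the side effect happens here.
        ref = req.body.get("embedding_function")
        if not isinstance(ref, str):
            raise ValueError("missing embedding_function")
        self.fetched_models.append(ref)
        return ref

    def handle_vulnerable(self, req: Request) -> Tuple[int, Optional[str]]:
        # Wrong order: the reference is resolved (side effect included) before
        # the caller is authenticated, so the late rejection changes nothing.
        try:
            model = self._resolve_embedding_model(req)
            self._authorize(req)
            return 200, model
        except PermissionError:
            return 500, None   # rejected, but the fetch already happened
        except ValueError:
            return 400, None

    def handle_fixed(self, req: Request) -> Tuple[int, Optional[str]]:
        # Correct order: authenticate before any untrusted input is acted on.
        try:
            self._authorize(req)
            model = self._resolve_embedding_model(req)
            return 200, model
        except PermissionError:
            return 401, None   # nothing was fetched
        except ValueError:
            return 400, None
```

The `fetched_models` list is the thing to watch: with the vulnerable ordering it is non-empty after an unauthenticated request, which is exactly the property a pre-authentication check is meant to rule out.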

According to HiddenLayer, the flaw exists in ChromaDB from version 1.0.0 up to 1.5.8, and multiple attempts to report it to the developers since February through different communication channels have gone unanswered, prompting public disclosure. Over 73% of ChromaDB instances that are publicly accessible on the internet and findable via the Shodan search engine are running a vulnerable version.


Until a patch becomes available, the researchers advise deploying ChromaDB servers using the Rust implementation, which is not affected, instead of the Python FastAPI server. Network access to the ChromaDB port should also be restricted to trusted IP addresses only.
