CVE-2024-12236— Use of Custom URI for media inputs with VPC-SC enabled potentially leads to data exfiltration
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-12236
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use of Custom URI for media inputs with VPC-SC enabled potentially leads to data exfiltration
Source: NVD (National Vulnerability Database)
Vulnerability Description
A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of VPC-SC. No further fix actions are needed. Google Cloud Platform implemented a fix to return an error message when a media file URL is specified in the fileUri parameter and VPC Service Controls is enabled. Other use cases are unaffected.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对异常条件的处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Google Vertex AI 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Google Vertex AI是美国谷歌(Google)公司的一款 Google Cloud 控制台工具,用于快速构建生成式 AI 模型的原型和测试。 Google Vertex AI存在安全漏洞,该漏洞源于发生数据泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Google Cloud Platform | Vertex Gemini API | 0 | - |
II. Public POCs for CVE-2024-12236
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-12236
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-755
- CVE-2026-23666
.NET Framework Denial of Service Vulnerability - CVE-2026-40074
SvelteKit's invalidated redirect in handle hook causes Denia - CVE-2026-28542
Huawei EMUI和Huawei HarmonyOS 安全漏洞 - CVE-2026-27195
Wasmtime is vulnerable to panic when dropping a `[Typed]Func - CVE-2026-27586
Caddy's mTLS client authentication silently fails open when
V. Comments for CVE-2024-12236
No comments yet