216.73.217.24

CVE-2024-12236

· Published 10/12/2024 15:15 · Modified 10/12/2024 15:15

Labels: CVE-2024-12236 2024-12-10CVE-2024-12236CWE-755[email protected]

Essential information

Published
10/12/2024 15:15
Modified
10/12/2024 15:15
Author
Creator
CISA KEV
No
CWE

Description

A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of VPC-SC. No further fix actions are needed. Google Cloud Platform implemented a fix to return an error message when a media file URL is specified in the fileUri parameter and VPC Service Controls is enabled. Other use cases are unaffected.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References