AI published a bogus CVE for my project
20 points by mrocklin 86 days ago | hide | past | favorite | 4 comments
I help maintain Dask, an OSS project in the Python data space. Dask helps users run arbitrary Python code on distributed clusters of computers.

Yesterday, I and several users got a CVE alert (https://www.cve.org/CVERecord?id=CVE-2024-10096) that there was an exploit allowing users with access to a Dask scheduler to run arbitrary code on that server using a backdoor with pickle.

Obviously, the creators of this CVE missed the easily accessible `client.run_on_scheduler(my_function)` API, which makes this much easier for a would-be hacker. Is this a backdoor? Maybe, but the front door is wide open inviting all to enter.

I did some research into the creator of the CVE, a project called "Protect AI" (Dask is often used in AI workloads). It looks like they acquired an AI bug bounty company, Huntr (https://protectai.com/newsroom/protect-ai-acquires-huntr), which reported the "bug" several months ago. Even though this was spam, Dask maintainers responded to the bug report saying ...

> This is the expected behavior and not a vulnerability, which is documented at https://distributed.dask.org/en/stable/limitations.html?highlight=host#security. Specifically "You should only host Dask workers within networks that you trust."

Huntr's response?

> A dask/dask maintainer has acknowledged this report

Followed by publishing the report as a CVE.

This thoughtless behavior both distracts OSS users, and diminishes the seriousness of the CVE database. It's a shame seeing companies misuse public infrastructure like this. I guess they're using this to generate some internal revenue?




Not even an attempt at coordinated disclosure? Doesn't that suggest that they understood that this isn't actually a vulnerability?


I'm not convinced that human judgement was ever applied during this situation.


Setting aside the ethics concerns for a moment: if your automated process publishes without coordination, don't you forgo any possible bounty? I thought this was a profit-motivated operation.


I mean, Dask doesn't have money. We're definitely not in a place to pay them a bounty. I imagine this is just marketing on their part, or driving up some metric to show customers.

"Our powerful AI has identified vulnerabilities in 836 projects, many of which you depend on. How can you, enterprise customer, afford not to pay us money?"



