Lightning AI Studio Vulnerability Allowed RCE via Hidden URL Parameter
Briefly

Researchers revealed a severe vulnerability in Lightning AI Studio that poses a risk of remote code execution. Rated with a CVSS score of 9.4, the flaw is linked to a hidden URL parameter in JavaScript, enabling attackers to execute arbitrary commands with root privileges. This vulnerability can be exploited to access sensitive data like access tokens by leveraging user-specific URLs and executing Base64-encoded commands. With knowledge of a profile username, attackers can craft links to execute malicious code, creating significant security risks for users.
Cybersecurity researchers disclosed a critical vulnerability in Lightning AI Studio that could allow remote code execution and root access to systems.
The CVSS score of 9.4 indicates the high-risk nature of this flaw, which could enable attackers to execute commands and extract sensitive data.
Read at The Hacker News