CVE-2024-12236
Vulnerability Description
A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of VPC-SC.
No further fix actions are needed. Google Cloud Platform implemented a fix to return an error message when a media file URL is specified in the fileUri parameter and VPC Service Controls is enabled. Other use cases are unaffected.
No further fix actions are needed. Google Cloud Platform implemented a fix to return an error message when a media file URL is specified in the fileUri parameter and VPC Service Controls is enabled. Other use cases are unaffected.
Vulnerability Details
Published Date
Last Modified
Source
NVD
Discussion (0)
Add Comment
No comments yet. Be the first!