CVE-2024-48141
📋 TL;DR
A prompt injection vulnerability in Zhipu AI CodeGeeX allows attackers to access and exfiltrate all chat data between users and the AI assistant through crafted messages. This affects users of CodeGeeX v2.17.0 in Visual Studio Code, potentially exposing sensitive conversation history.
💻 Affected Systems
- Zhipu AI CodeGeeX
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of all chat history including potentially sensitive code, credentials, or proprietary information being exfiltrated to attacker-controlled systems.
Likely Case
Unauthorized access to chat history containing code snippets, debugging conversations, and potentially sensitive project information.
If Mitigated
Limited exposure if chat data contains only non-sensitive information and proper network segmentation prevents exfiltration.
🎯 Exploit Status
Exploitation requires sending a crafted message to the chat interface; no authentication or special privileges needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v2.18.0 or later
Vendor Advisory: https://marketplace.visualstudio.com/items?itemName=aminer.codegeex
Restart Required: Yes
Instructions:
1. Open Visual Studio Code.
2. Go to Extensions view.
3. Search for CodeGeeX.
4. Click Update to v2.18.0+.
5. Restart Visual Studio Code.
🔧 Temporary Workarounds
Disable CodeGeeX Extension
All platforms: Temporarily disable the vulnerable extension until patched.
code --disable-extension aminer.codegeex
Network Segmentation
All platforms: Block outgoing connections from development machines to prevent data exfiltration.
🧯 If You Can't Patch
- Disable the CodeGeeX extension completely
- Use network controls to block all outgoing connections from development workstations
🔍 How to Verify
Check if Vulnerable:
Check CodeGeeX extension version in VS Code Extensions view; if version is 2.17.0, system is vulnerable.
Check Version:
code --list-extensions --show-versions | findstr codegeex
Verify Fix Applied:
Verify CodeGeeX extension version is 2.18.0 or higher in VS Code Extensions view.
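An added example, not part of the original advisory or the vendor's tooling: a shell function that applies the version check above to the output of `code --list-extensions --show-versions`, using this page's thresholds (2.17.0 affected, 2.18.0 or later fixed). The function names, status strings and sample listing are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify the installed CodeGeeX version from the
# `publisher.name@version` lines printed by
#   code --list-extensions --show-versions
# Thresholds are the ones stated on this page.

EXT_ID="aminer.codegeex"

# Constructed sample listing (not captured from a real machine).
SAMPLE_LISTING='example.other-ext@1.0.0
aminer.codegeex@2.17.0'

# ver_ge A B: succeed when dotted version A >= B (numeric, three fields).
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# codegeex_status: read an extension listing on stdin and print one of
#   not-installed | vulnerable <v> | fixed <v> | unlisted <v>
codegeex_status() {
    # Strip a trailing CR so listings saved on Windows parse the same way.
    ver=$(awk -F'@' -v id="$EXT_ID" \
        'tolower($1) == id { sub(/\r$/, "", $2); print $2; exit }')
    if [ -z "$ver" ]; then
        echo "not-installed"
    elif ver_ge "$ver" "2.18.0"; then
        echo "fixed $ver"
    elif [ "$ver" = "2.17.0" ]; then
        echo "vulnerable $ver"
    else
        # The page names only 2.17.0 as affected; other builds below
        # 2.18.0 are reported separately instead of being guessed at.
        echo "unlisted $ver"
    fi
}

# Offline:  printf '%s\n' "$SAMPLE_LISTING" | codegeex_status
# Live:     code --list-extensions --show-versions | codegeex_status
```

An `unlisted` result means the installed build is below 2.18.0 but is not the version this page names as affected, so updating is still the safe choice.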
📡 Detection & Monitoring
Log Indicators:
- Unusual chat patterns with special characters
- Multiple failed chat attempts with crafted prompts
Network Indicators:
- Outbound connections to unusual domains following chat sessions
- Large data transfers from development workstations
SIEM Query:
source="vscode_logs" AND "CodeGeeX" AND ("injection" OR "malformed" OR "exfiltrate")