CVE-2024-12236
Dec. 10, 2024, 3:15 p.m.
Tags
Product(s) Impacted
Vertex Gemini API
Description
A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of VPC-SC. No further fix actions are needed. Google Cloud Platform implemented a fix to return an error message when a media file URL is specified in the fileUri parameter and VPC Service Controls is enabled. Other use cases are unaffected.
Weaknesses
CWE-755
Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.
CWE ID: 755Date
Published: Dec. 10, 2024, 3:15 p.m.
Last Modified: Dec. 10, 2024, 3:15 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve-coordination@google.com