CVE-2024-12236

Published: Dec 10, 2024

Modified: Jan 30, 2025

PUBLISHED

Description

A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of VPC-SC. No further fix actions are needed. Google Cloud Platform implemented a fix to return an error message when a media file URL is specified in the fileUri parameter and VPC Service Controls is enabled. Other use cases are unaffected.

Vendor	Product	Versions
Google Cloud Platform	Vertex Gemini API	affected `0`

Weaknesses (CWE)

CWE-755

References

https://cloud.google.com/vertex-ai/generative-ai/docs/security-bulletins#gcp-2024-063

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-12236

Description

Affected Products

Weaknesses (CWE)

References