CVE-2024-5184
Published: 05 June 2024
Summary
CVE-2024-5184 is a high-severity Injection (CWE-74) vulnerability in Emailgpt Emailgpt. Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the LLM/Generative AI Risks risk domain; MITRE ATLAS techniques in scope: Indirect (AML.T0051.001), External Harms (AML.T0048).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-46428
Vulnerability details
The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service…
more
to leak the standard hard-coded system prompts and/or execute unwanted prompts. When engaging with EmailGPT by submitting a malicious prompt that requests harmful information, the system will respond by providing the requested data. This vulnerability can be exploited by any individual with access to the service.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- LLM/Generative AI Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- EmailGPT is an AI-powered service and Chrome extension that uses OpenAI's GPT models to assist with email writing in Gmail, functioning as an enterprise-style AI assistant vulnerable to prompt injection, which aligns with the Enterprise AI Assistants category.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Prompt injection vulnerability in the public-facing EmailGPT API service (T1190) enables attackers to bypass AI safeguards, leak hard-coded system prompts, and execute unwanted actions (T1211).
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.
Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.