Cyber Resilience

CVE-2024-5184

High

Published: 05 June 2024

Published
05 June 2024
Modified
21 November 2024
KEV Added
Patch
CVSS Score v4 8.5 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0011 28.4th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-5184 is a high-severity Injection (CWE-74) vulnerability in Emailgpt Emailgpt. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the LLM/Generative AI Risks risk domain; MITRE ATLAS techniques in scope: Indirect (AML.T0051.001), External Harms (AML.T0048).

EU & UK References

Vulnerability details

The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service…

more

to leak the standard hard-coded system prompts and/or execute unwanted prompts. When engaging with EmailGPT by submitting a malicious prompt that requests harmful information, the system will respond by providing the requested data. This vulnerability can be exploited by any individual with access to the service.

CWE(s)

AI Security AnalysisAI

AI Category
Enterprise AI Assistants
Risk Domain
LLM/Generative AI Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
EmailGPT is an AI-powered service and Chrome extension that uses OpenAI's GPT models to assist with email writing in Gmail, functioning as an enterprise-style AI assistant vulnerable to prompt injection, which aligns with the Enterprise AI Assistants category.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1211 Exploitation for Stealth Stealth
Adversaries may exploit vulnerabilities to evade detection by hiding activity, suppressing logging, or operating within trusted or unmonitored components.
Why these techniques?

Prompt injection vulnerability in the public-facing EmailGPT API service (T1190) enables attackers to bypass AI safeguards, leak hard-coded system prompts, and execute unwanted actions (T1211).

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0051.001: IndirectAML.T0048: External Harms

Affected Assets

emailgpt
emailgpt
all versions

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-74

Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.

addresses: CWE-74

Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.

References