LLM05: refresh reference links for 2026 #4

Merged
rocklambros merged 1 commit into GenAI-Security-Project:main from RicoKomenda:upgrade/LLM05-refresh-references on May 2, 2026

Collaborator

@RicoKomenda RicoKomenda commented Apr 23, 2026

Summary

  • Replace four outdated 2022-2023 references with current CVEs, hands-on labs, and authoritative standards
  • Fix heading year (:2025 -> :2026) and section name (Common Examples of Vulnerability -> Common Examples of Risk per _template.md)
  • Fix OWASP ASVS publisher label typo (AASVS -> ASVS)

Replaced references:

  • CVE-2019-20634 (2019) -> EchoLeak CVE-2025-32711 (CVSS 9.3, zero-click exfiltration in M365 Copilot)
  • Vague Snyk/LangChain post -> LangGrinch CVE-2025-68664 (CVSS 9.3, LangChain serialization injection)
  • 2023 ChatGPT plugin post + 2023 Markdown exfil post -> PortSwigger hands-on LLM output handling lab + GitHub Copilot RCE via prompt injection (Embrace The Red, 2025)
  • AI-hallucinates-packages post (off-topic for output handling) -> dropped

Added references:

  • OWASP AISVS C7: Model Behavior, Output Control and Safety Assurance
  • CWE-116: Improper Encoding or Escaping of Output

Replace four outdated 2022-2023 references with current material:
- EchoLeak (CVE-2025-32711, CVSS 9.3): zero-click exfiltration in M365 Copilot
- LangGrinch (CVE-2025-68664, CVSS 9.3): LangChain serialization injection
- PortSwigger hands-on lab: exploiting insecure output handling in LLMs
- GitHub Copilot RCE via prompt injection (Embrace The Red, 2025)

Add new references:
- OWASP AISVS C7: Model Behavior, Output Control and Safety Assurance
- CWE-116: Improper Encoding or Escaping of Output

Remove: CVE-2019-20634, vague Snyk/LangChain post, 2023 ChatGPT plugin
post, 2023 Markdown exfil post, AI-hallucinates-packages post.

Also fix: heading year (2025 -> 2026), section name (Common Examples of
Vulnerability -> Common Examples of Risk per template), ASVS publisher
label typo (AASVS -> ASVS).

@RicoKomenda RicoKomenda force-pushed the upgrade/LLM05-refresh-references branch from 7f31af8 to 5282406 Compare April 23, 2026 09:30
Collaborator

@rocklambros rocklambros left a comment

Approving — conformance check passes against documentation/style/{README,general,entries}.md:

  • Renames ### Common Examples of Vulnerability to ### Common Examples of Risk (aligns with template's required section name)
  • All updated references use the documented [Title](URL): **Publisher** format
  • US English, ATX headings, no level skips

Merging per project owner @rocklambros's instruction since you are the LLM05 entry lead — your authorship is the merge gate.

@rocklambros rocklambros merged commit 2f23a8c into GenAI-Security-Project:main May 2, 2026