{"id":"https://openalex.org/W4405181589","doi":"https://doi.org/10.1145/3658644.3690338","title":"Demystifying RCE Vulnerabilities in LLM-Integrated Apps","display_name":"Demystifying RCE Vulnerabilities in LLM-Integrated Apps","publication_year":2024,"publication_date":"2024-12-02","ids":{"openalex":"https://openalex.org/W4405181589","doi":"https://doi.org/10.1145/3658644.3690338"},"language":"en","primary_location":{"id":"doi:10.1145/3658644.3690338","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690338","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690338","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690338","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5106627801","display_name":"Tong Liu","orcid":"https://orcid.org/0009-0004-5804-6551"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Tong Liu","raw_affiliation_strings":["IIE, CAS &amp; School of Cyber Security, UCAS, Beijing, China"],"affiliations":[{"raw_affiliation_string":"IIE, CAS &amp; School of Cyber Security, UCAS, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077248797","display_name":"Zizhuang Deng","orcid":"https://orcid.org/0000-0001-7240-9268"},"institutions":[{"id":"https://openalex.org/I80143920","display_name":"Shandong University of Science and Technology","ror":"https://ror.org/04gtjhw98","country_code":"CN","type":"education","lineage":["https://openalex.org/I80143920"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zizhuang Deng","raw_affiliation_strings":["School of Cyber Science and Technology, Shandong University, Qingdao, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Shandong University, Qingdao, China","institution_ids":["https://openalex.org/I80143920"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017417068","display_name":"Guozhu Meng","orcid":"https://orcid.org/0000-0001-6388-2571"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Guozhu Meng","raw_affiliation_strings":["IIE, CAS &amp; School of Cyber Security, UCAS, Beijing, China"],"affiliations":[{"raw_affiliation_string":"IIE, CAS &amp; School of Cyber Security, UCAS, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068561556","display_name":"Yuekang Li","orcid":"https://orcid.org/0000-0003-4382-0757"},"institutions":[{"id":"https://openalex.org/I31746571","display_name":"UNSW Sydney","ror":"https://ror.org/03r8z3t63","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Yuekang Li","raw_affiliation_strings":["University of New South Wales, Sydney, Australia"],"affiliations":[{"raw_affiliation_string":"University of New South Wales, Sydney, Australia","institution_ids":["https://openalex.org/I31746571"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100437976","display_name":"Kai Chen","orcid":"https://orcid.org/0000-0002-5624-2987"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kai Chen","raw_affiliation_strings":["IIE, CAS &amp; School of Cyber Security, UCAS, Beijing, China"],"affiliations":[{"raw_affiliation_string":"IIE, CAS &amp; School of Cyber Security, UCAS, Beijing, China","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5106627801"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":20.3537,"has_fulltext":false,"cited_by_count":19,"citation_normalized_percentile":{"value":0.99082154,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1716","last_page":"1730"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.9829000234603882,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.9829000234603882,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9787999987602234,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9757000207901001,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7452937364578247},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.6760071516036987},{"id":"https://openalex.org/keywords/field","display_name":"Field (mathematics)","score":0.6263002753257751},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.5244938731193542},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.48711729049682617},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.46385833621025085},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.26866793632507324}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7452937364578247},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.6760071516036987},{"id":"https://openalex.org/C9652623","wikidata":"https://www.wikidata.org/wiki/Q190109","display_name":"Field (mathematics)","level":2,"score":0.6263002753257751},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.5244938731193542},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.48711729049682617},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.46385833621025085},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.26866793632507324},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C202444582","wikidata":"https://www.wikidata.org/wiki/Q837863","display_name":"Pure mathematics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3658644.3690338","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690338","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690338","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3658644.3690338","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690338","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690338","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4405181589.pdf"},"referenced_works_count":8,"referenced_works":["https://openalex.org/W2095881341","https://openalex.org/W2523678860","https://openalex.org/W2963563709","https://openalex.org/W3107089345","https://openalex.org/W3161685529","https://openalex.org/W4288057765","https://openalex.org/W4384345708","https://openalex.org/W6931636349"],"related_works":["https://openalex.org/W2938786841","https://openalex.org/W2982120024","https://openalex.org/W4401959232","https://openalex.org/W4323341852","https://openalex.org/W2896677295","https://openalex.org/W2753638813","https://openalex.org/W4214943875","https://openalex.org/W3048799479","https://openalex.org/W3006651694","https://openalex.org/W2039098677"],"abstract_inverted_index":{"Large":[0],"Language":[1],"Models":[2],"(LLMs)":[3],"show":[4],"promise":[5],"in":[6,14,76],"transforming":[7],"software":[8],"development,":[9,27],"with":[10],"a":[11,72],"growing":[12],"interest":[13],"integrating":[15],"them":[16],"into":[17],"more":[18],"intelligent":[19],"apps.":[20],"Frameworks":[21],"like":[22],"LangChain":[23],"aid":[24],"LLM-integrated":[25],"app":[26],"offering":[28],"code":[29,47],"execution":[30,48],"utility/APIs":[31],"for":[32],"custom":[33],"actions.":[34],"However,":[35],"these":[36,57],"capabilities":[37],"theoretically":[38],"introduce":[39],"Remote":[40],"Code":[41],"Execution":[42],"(RCE)":[43],"vulnerabilities,":[44],"enabling":[45],"remote":[46],"through":[49],"prompt":[50],"injections.":[51],"No":[52],"prior":[53],"research":[54,74],"systematically":[55],"investigates":[56],"frameworks'":[58],"RCE":[59],"vulnerabilities":[60],"or":[61],"their":[62],"impact":[63],"on":[64],"applications":[65],"and":[66],"exploitation":[67],"consequences.":[68],"Therefore,":[69],"there":[70],"is":[71],"huge":[73],"gap":[75],"this":[77],"field.":[78]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":14},{"year":2024,"cited_by_count":3}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}