PyPi: Guardrails-Ai

CVE-2024-6961

Safety vulnerability ID: 72296

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jul 21, 2024 Updated at Dec 11, 2024

Scan your Python projects for vulnerabilities →

Advisory

RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.

Affected package

guardrails-ai

Latest version: 0.6.1

Adding guardrails to large language models.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/advisories/GHSA-f8hx-f4xw-c646
https://github.com/guardrails-ai/guardrails/pull/922
https://github.com/guardrails-ai/guardrails/commit/f3d806afee31e2e3f97af682d16c3c1bc0d3c380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6961

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application