Products
Guardrails AI
Source
reefs@jfrog.com
Tags
CVE-2024-6961 details
Published : July 21, 2024, 11:15 a.m.
Last Modified : July 21, 2024, 11:15 a.m.
Last Modified : July 21, 2024, 11:15 a.m.
Description
RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.
CVSS Score
1 | 2 | 3 | 4 | 5.9 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.9
Exploitability Score
2.2
Impact Score
3.6
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References
URL | Source |
---|---|
https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519/ | reefs@jfrog.com |
This website uses the NVD API, but is not approved or certified by it.