CVE-2024-6961

🗓️ 21 Jul 2024 11:03:15Reported by JFROGType

RAIL format vulnerability in Guardrails A

Reporter	Title	Published	Views	Family All 6
Vulnrichment	CVE-2024-6961 XXE in Guardrails AI when consuming RAIL documents	21 Jul 202410:49	–	vulnrichment
NVD	CVE-2024-6961	21 Jul 202411:15	–	nvd
OSV	GHSA-F8HX-F4XW-C646 Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference	21 Jul 202412:30	–	osv
Cvelist	CVE-2024-6961 XXE in Guardrails AI when consuming RAIL documents	21 Jul 202410:49	–	cvelist
Veracode	XML Entity Expansion (XXE)	23 Jul 202405:49	–	veracode
Github Security Blog	Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference	21 Jul 202412:30	–	github

[
  {
    "collectionURL": "https://pypi.org/project/pip",
    "defaultStatus": "unaffected",
    "packageName": "guardrails-ai",
    "versions": [
      {
        "lessThan": "0.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "python"
      }
    ]
  }
]

Source	Link
research	www.research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Jul 2024 11:15Current

5.7Medium risk

Vulners AI Score5.7

CVSS35.9

EPSS0.00122

SSVC

CWE-611