44 matches found
CVE-2026-40319
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...
CVE-2026-40320
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted...
Giskard Has A Regular Expression Denial Of Service (ReDoS) In RegexMatching Check
Summary The RegexMatching check in the "giskard-checks" package passes a user-supplied regular expression pattern directly to Python's re.search without any timeout, complexity guard, or pattern validation. An attacker who can control the regex pattern or the text being matched can craft inputs...
CVE-2026-40320
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted...
CVE-2026-40319
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...
CVE-2026-40320
Giskard (giskard-checks) CVE-2026-40320 involves unsandboxed Jinja2 template rendering in the ConformityCheck rule processing. In versions prior to 1.0.2b1, ConformityCheck rendered the rule parameter using Jinja2’s default Template(), enabling runtime interpretation of template expressions. If c...
CVE-2026-40320
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted...
CVE-2026-40320 Giskard has an Unsandboxed Jinja2 Template Rendering in ConformityCheck
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted...
CVE-2026-40320 Giskard has an Unsandboxed Jinja2 Template Rendering in ConformityCheck
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted...
CVE-2026-40319 Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...
CVE-2026-40319
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...
CVE-2026-40319 Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...
CVE-2026-40319
CVE-2026-40319 affects Giskard’s giskard-checks RegexMatching, where a user-supplied regex pattern is passed to Python's re.search() without a timeout or complexity guard in versions prior to 1.0.2b1. This can cause catastrophic backtracking (ReDoS) and potentially hang the process. Exploitation ...
Giskard 安全漏洞
Giskard is an open-source evaluation and testing framework for artificial intelligence systems. Versions of Giskard prior to 1.0.2b1 contained security vulnerabilities. These vulnerabilities stemmed from the ConformityCheck class using the Jinja2 template engine to render rule parameters, which...
Giskard 安全漏洞
Giskard is an open-source evaluation and testing framework for artificial intelligence systems developed by Giskard. Versions of Giskard prior to 1.0.2b1 contained security vulnerabilities. These vulnerabilities stemmed from the direct passing of user-provided regular expressions to the re.search...
Giskard has Unsandboxed Jinja2 Template Rendering in ConformityCheck
Summary The ConformityCheck class in giskard-checks rendered the rule parameter through Jinja2's default Template constructor. Because the rule string is silently interpreted as a Jinja2 template, a developer may not realize that template expressions embedded in rule definitions are evaluated at...
Improper Neutralization of Special Elements Used in a Template Engine
Overview giskard-checks is an Add your description here Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the rule parameter in the ConformityCheck class. An attacker can execute arbitrary code by supplying malicious...
GHSA-7XJM-G8F4-RP26 Giskard has Unsandboxed Jinja2 Template Rendering in ConformityCheck
Summary The ConformityCheck class in giskard-checks rendered the rule parameter through Jinja2's default Template constructor. Because the rule string is silently interpreted as a Jinja2 template, a developer may not realize that template expressions embedded in rule definitions are evaluated at...
Regular Expression Denial of Service (ReDoS)
Overview giskard-checks is an Add your description here Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the re.search file. An attacker can cause the process to hang and impact system availability by supplying a crafted regular expression pattern ...
GHSA-RQ2Q-4R55-9877 Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check
Summary The RegexMatching check in the giskard-checks package passes a user-supplied regular expression pattern directly to Python's re.search without any timeout, complexity guard, or pattern validation. An attacker who can control the regex pattern or the text being matched can craft inputs tha...