6 matches found
XML Entity Expansion (XXE)
guardrails-ai is vulnerable to XML Entity Expansion XXE. The vulnerability is due to consuming RAIL documents from external sources, which may cause leakage of internal file data via the SYSTEM entity...
GHSA-F8HX-F4XW-C646 Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference
RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity...
CVE-2024-6961
RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity...
CVE-2024-6961 XXE in Guardrails AI when consuming RAIL documents
RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity...
CVE-2024-6961 XXE in Guardrails AI when consuming RAIL documents
RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity...
CVE-2024-6961
CVE-2024-6961 describes an XML External Entity (XXE) vulnerability in Guardrails AI when consuming RAIL documents from external sources, potentially allowing leakage of internal file data via the SYSTEM entity. The affected component is Guardrails AI and its RAIL document handling; the underlying...