5 matches found
Incomplete List of Disallowed Inputs
Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute...
CVE-2026-34172
Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1, ChatWorkflow.chatmessage passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enabl...
Giskard Agents have Server-side template injection via ChatWorkflow.chat() using non-sandboxed Jinja2 Environment
Summary ChatWorkflow.chatmessage passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enables full remote code execution via Jinja2 class traversal. The method name chat and parameter name message naturall...
GHSA-FRV4-X25R-588M Giskard Agents have Server-side template injection via ChatWorkflow.chat() using non-sandboxed Jinja2 Environment
Summary ChatWorkflow.chatmessage passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enables full remote code execution via Jinja2 class traversal. The method name chat and parameter name message naturall...
PT-2026-28603
Name of the Vulnerable Software and Affected Versions Giskard versions prior to 0.3.4 Giskard versions prior to 1.0.2b1 Description Giskard, a Python library for testing agentic systems, contains a flaw where the ChatWorkflow.chat method directly uses a string argument as a Jinja2 template source...