3 matches found
CVE-2026-40320
Giskard (giskard-checks) CVE-2026-40320 involves unsandboxed Jinja2 template rendering in the ConformityCheck rule processing. In versions prior to 1.0.2b1, ConformityCheck rendered the rule parameter using Jinja2’s default Template(), enabling runtime interpretation of template expressions. If c...
CVE-2026-40320 Giskard has an Unsandboxed Jinja2 Template Rendering in ConformityCheck
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted...
CVE-2026-40320
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted...