Описание
RAGAS has an Arbitrary File Read vulnerability
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-45691
- https://github.com/explodinggradients/ragas/pull/1559
- https://github.com/vibrantlabsai/ragas/pull/1991
- https://github.com/vibrantlabsai/ragas/commit/b28433709cbedbb531db79dadcfbdbd3aa6adcb0
- https://adithyanak.com/ragas-v0214-arbitrary-file-read-vulnerability
- https://github.com/explodinggradients/ragas/blob/e97886ac976465efb60e5949c5d69baf30cc811d/src/ragas/prompt/multi_modal_prompt.py#L202
Пакеты
ragas
>= 0.2.3, < 0.3.0-rc1
0.3.0-rc1
EPSS
7.7 High
CVSS4
7.5 High
CVSS3
CVE ID
Дефекты
Связанные уязвимости
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.
EPSS
7.7 High
CVSS4
7.5 High
CVSS3