Описание
Azure Promptflow Remote Code Execution Vulnerability
Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.
FAQ
According to the CVSS metric, Confidentiality and Integrity are rated as Low and Availability is None (C:L, I:L, A:N). What does that mean for this vulnerability?
While an attacker can access some data, that data is not customer’s data, or any highly sensitive/critical information; furthermore an attacker cannot affect the availability of the product.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure promptflow-core | ||
| Azure promptflow-tools |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.
Azure PromptFlow remote code execution related to Jinja templates
Уязвимость средства разработки приложений ИИ Azure Promptflow, связанная с недостаточным пространственным разделением, позволяющая нарушителю выполнить произвольный код
EPSS
6.5 Medium
CVSS3