Описание
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.
Ссылки
- ExploitThird Party Advisory
- Product
- ExploitIssue TrackingPatch
- ExploitIssue TrackingPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 0.2.3 (включая) до 0.2.14 (включая)
cpe:2.3:a:vibrantlabsai:ragas:*:*:*:*:*:*:*:*
EPSS
Процентиль: 17%
0.00054
Низкий
7.5 High
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.5
redhat
около 1 месяца назад
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.
CVSS3: 7.5
github
около 1 месяца назад
RAGAS has an Arbitrary File Read vulnerability
EPSS
Процентиль: 17%
0.00054
Низкий
7.5 High
CVSS3
Дефекты
CWE-22