Количество 2
Количество 2
CVE-2024-45858
An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval function, causing it to execute on the user's machine.
GHSA-w392-75q8-vr67
Guardrails has an arbitrary code execution vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-45858 An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval function, causing it to execute on the user's machine. | CVSS3: 7.8 | 0% Низкий | больше 1 года назад |
| GHSA-w392-75q8-vr67 Guardrails has an arbitrary code execution vulnerability | CVSS3: 8.8 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу