Filtered by vendor Guardrailsai Subscriptions
Filtered by product Guardrails Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-6961 1 Guardrailsai 1 Guardrails 2024-11-25 5.9 Medium
RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.
CVE-2024-45858 1 Guardrailsai 1 Guardrails 2024-09-20 7.8 High
An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval function, causing it to execute on the user's machine.