Home > Vulnerability Database > CVE-2024-6961

Mend.io Vulnerability Database

CVE-2024-6961

Good to know:

Date: July 21, 2024

RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.

Language: Python

Severity Score

5.9

Related Resources (7)

Url: https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519

Url: https://github.com/guardrails-ai/guardrails/commit/f3d806afee31e2e3f97af682d16c3c1bc0d3c380

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6961

Url: https://github.com/guardrails-ai/guardrails

Url: https://github.com/guardrails-ai/guardrails/pull/922

Url: https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519/

Url: https://www.mend.io/vulnerability-database/CVE-2024-6961

Severity Score

5.9

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference ('XXE')

CWE-611

Top Fix

Upgrade Version

Upgrade to version guardrails-ai - 0.5.0

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-6961

Good to know:

Date: July 21, 2024

Language: Python

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?