CVE-2024-6961 - Vulnerability Details - OpenCVE

RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00058.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Guardrailsai	Guardrails

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-2333	RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.
Github GHSA	GHSA-f8hx-f4xw-c646	Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519/

History

Mon, 25 Nov 2024 13:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Guardrailsai Guardrailsai guardrails
CPEs		cpe:2.3:a:guardrailsai:guardrails::::::::
Vendors & Products		Guardrailsai Guardrailsai guardrails
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: JFROG

Published: 2024-07-21T10:49:54.782Z

Updated: 2024-11-25T12:48:07.911Z

Reserved: 2024-07-21T09:58:10.956Z

Link: CVE-2024-6961

Vulnrichment

Updated: 2024-08-01T21:45:38.455Z

NVD

Status : Awaiting Analysis

Published: 2024-07-21T11:15:03.187

Modified: 2024-11-25T13:15:07.930

Link: CVE-2024-6961

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6961", "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "state": "PUBLISHED", "assignerShortName": "JFROG", "dateReserved": "2024-07-21T09:58:10.956Z", "datePublished": "2024-07-21T10:49:54.782Z", "dateUpdated": "2024-11-25T12:48:07.911Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://pypi.org/project/pip", "defaultStatus": "unaffected", "packageName": "guardrails-ai", "versions": [{"lessThan": "0.5.0", "status": "affected", "version": "0", "versionType": "python"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.</p>"}], "value": "RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Reference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG", "dateUpdated": "2024-11-25T12:48:07.911Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519/"}], "source": {"discovery": "EXTERNAL"}, "title": "XXE in Guardrails AI when consuming RAIL documents", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-611", "lang": "en", "description": "CWE-611 Improper Restriction of XML External Entity Reference"}]}], "affected": [{"vendor": "guardrailsai", "product": "guardrails", "cpes": ["cpe:2.3:a:guardrailsai:guardrails:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.5.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-22T18:24:13.885767Z", "id": "CVE-2024-6961", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-22T18:34:15.580Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:45:38.455Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519/"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519/", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:45:38.455Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6961", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-22T18:24:13.885767Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:guardrailsai:guardrails:*:*:*:*:*:*:*:*"], "vendor": "guardrailsai", "product": "guardrails", "versions": [{"status": "affected", "version": "0", "lessThan": "0.5.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Reference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-22T18:26:44.325Z"}}], "cna": {"title": "XXE in Guardrails AI when consuming RAIL documents", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "0.5.0", "versionType": "python"}], "packageName": "guardrails-ai", "collectionURL": "https://pypi.org/project/pip", "defaultStatus": "unaffected"}], "references": [{"url": "https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.", "supportingMedia": [{"type": "text/html", "value": "<p>RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Reference"}]}], "providerMetadata": {"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG", "dateUpdated": "2024-11-25T12:48:07.911Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6961", "state": "PUBLISHED", "dateUpdated": "2024-11-25T12:48:07.911Z", "dateReserved": "2024-07-21T09:58:10.956Z", "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "datePublished": "2024-07-21T10:49:54.782Z", "assignerShortName": "JFROG"}, "dataVersion": "5.1"}