CVE-2024-6961 - OpenCVE

RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519/

History

No history.

MITRE

Status: PUBLISHED

Assigner: JFROG

Published: 2024-07-21T10:49:54.782Z

Updated: 2024-08-01T21:45:38.455Z

Reserved: 2024-07-21T09:58:10.956Z

Link: CVE-2024-6961

Vulnrichment

Updated: 2024-08-01T21:45:38.455Z

NVD

Status : Awaiting Analysis

Published: 2024-07-21T11:15:03.187

Modified: 2024-08-01T14:00:51.710

Link: CVE-2024-6961

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6961", "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "state": "PUBLISHED", "assignerShortName": "JFROG", "dateReserved": "2024-07-21T09:58:10.956Z", "datePublished": "2024-07-21T10:49:54.782Z", "dateUpdated": "2024-08-01T21:45:38.455Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://pypi.org/project/pip", "packageName": "guardrails-ai", "versions": [{"lessThan": "0.5.0", "status": "affected", "version": "0", "versionType": "python"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.</p>"}], "value": "RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG", "dateUpdated": "2024-07-21T10:49:54.782Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519/"}], "source": {"discovery": "EXTERNAL"}, "title": "XXE in Guardrails AI when consuming RAIL documents"}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-611", "lang": "en", "description": "CWE-611 Improper Restriction of XML External Entity Reference"}]}], "affected": [{"vendor": "guardrailsai", "product": "guardrails", "cpes": ["cpe:2.3:a:guardrailsai:guardrails:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.5.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-22T18:24:13.885767Z", "id": "CVE-2024-6961", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-22T18:34:15.580Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:45:38.455Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519/"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519/", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:45:38.455Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6961", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-22T18:24:13.885767Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:guardrailsai:guardrails:*:*:*:*:*:*:*:*"], "vendor": "guardrailsai", "product": "guardrails", "versions": [{"status": "affected", "version": "0", "lessThan": "0.5.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Reference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-22T18:26:44.325Z"}}], "cna": {"title": "XXE in Guardrails AI when consuming RAIL documents", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "0.5.0", "versionType": "python"}], "packageName": "guardrails-ai", "collectionURL": "https://pypi.org/project/pip"}], "references": [{"url": "https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519/", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.", "supportingMedia": [{"type": "text/html", "value": "<p>RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.</p>", "base64": false}]}], "providerMetadata": {"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG", "dateUpdated": "2024-07-21T10:49:54.782Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6961", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:45:38.455Z", "dateReserved": "2024-07-21T09:58:10.956Z", "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "datePublished": "2024-07-21T10:49:54.782Z", "assignerShortName": "JFROG"}, "dataVersion": "5.1"}