Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the sandbox
Vulnerability Description
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
不充分的划分
Vulnerability Title
dspy 安全漏洞
Vulnerability Description
dspy是Stanford NLP开源的一个的用于编程的人工智能框架。 dspy存在安全漏洞,该漏洞源于沙箱配置过于宽松,可能导致攻击者窃取敏感文件。
CVSS Information
N/A
Vulnerability Type
N/A