Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Giskard Agents have Server-side template injection via ChatWorkflow.chat() using non-sandboxed Jinja2 Environment
Vulnerability Description
Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1, ChatWorkflow.chat(message) passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enables full remote code execution via Jinja2 class traversal. The method name chat and parameter name message naturally invite passing user input directly, but the string is silently parsed as a Jinja2 template, not treated as plain text. This issue has been patched in versions 0.3.4 and 1.0.2b1.
CVSS Information
N/A
Vulnerability Type
CWE-1336
Vulnerability Title
Giskard 安全漏洞
Vulnerability Description
Giskard是Giskard开源的一个人工智能系统的评估与测试框架。 Giskard 0.3.4之前版本和1.0.2b1之前版本存在安全漏洞,该漏洞源于ChatWorkflow.chat(message)将其字符串参数直接作为Jinja2模板源传递给非沙盒环境,可能导致通过Jinja2类遍历实现完整的远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A