An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval function, causing it to execute on the user's machine.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| guardrails-ai (PyPI) | 0.2.9 | 0.5.10 | N/A |

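
The general mitigation for this class of bug is to treat values read from untrusted XML as data and parse them as literals instead of passing them to `eval`. The following is an added example, not code from Guardrails or from this advisory; the element and attribute names and the sample document are constructed for illustration.

```python
import ast
import xml.etree.ElementTree as ET

# Constructed sample spec. The element and attribute names are hypothetical,
# not taken from the Guardrails XML schema.
SAMPLE_SPEC = """
<spec>
  <field name="tags" default="['a', 'b']"/>
  <field name="limit" default="10"/>
  <field name="owner" default="len('abc')"/>
</spec>
"""

# Exceptions ast.literal_eval is documented to raise on input it refuses.
LITERAL_ERRORS = (ValueError, TypeError, SyntaxError, MemoryError, RecursionError)


def load_defaults(xml_text):
    """Return (accepted, rejected) default values from untrusted XML.

    Attribute values go through ast.literal_eval, which accepts only Python
    literals (strings, numbers, tuples, lists, dicts, sets, booleans, None)
    and does not execute arbitrary calls or name lookups the way eval does.
    """
    accepted, rejected = {}, {}
    for field in ET.fromstring(xml_text).iter("field"):
        name = field.get("name")
        raw = field.get("default", "")
        try:
            accepted[name] = ast.literal_eval(raw)
        except LITERAL_ERRORS:
            # Not a plain literal: keep the raw text for review, never run it.
            rejected[name] = raw
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = load_defaults(SAMPLE_SPEC)
    print("accepted:", ok)
    print("rejected:", bad)
```
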
CVSS Metrics