External RAIL Documents Vulnerability to XXE Leakage
CVE-2024-6961

Currently unrated

Key Information:

Vendor: Guardrails AI
Vendor: CVE Published:; 21 July 2024

🔔 Create Guardrails AI Vulnerability Alert

What is CVE-2024-6961?

RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.

References

https://research.jfrog.com/vulnerabilities/guardrails-rai...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2024