CVE-2024-6961

Name of the Vulnerable Software and Affected Versions Guardrails AI (affected versions not specified)

Description The issue concerns RAIL documents, an XML-based format used by Guardrails AI for enforcing formatting checks on LLM outputs. Users who consume RAIL documents from external sources are at risk of XML External Entity (XXE) attacks, which could lead to the leakage of internal file data through the SYSTEM entity.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.