Dismissed
CVE-2025-12695
5.9 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
by @pyrox0
Activity log
- Created automatic suggestion
- @pyrox0 dismissed
Insecure configuration in DSPy leads to arbitrary file read when running untrusted code inside the sandbox
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.
References
- https://research.jfrog.com/vulnerabilities/dspy-sandbox-escape-arbitrary-file-r… third-party-advisory
Affected products
dspy
- ==0
Matching in nixpkgs
pkgs.python312Packages.ndspy
Python library for many Nintendo DS file formats
pkgs.python313Packages.ndspy
Python library for many Nintendo DS file formats
Package maintainers
- @marius851000 Marius David <nix@mariusdavid.fr>