Nixpkgs security tracker
Dismissed
Permalink
CVE-2025-12695
5.9 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): None (N)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): None (N)
by @pyrox0 Activity log
- Created suggestion
- @pyrox0 dismissed
Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the sandbox
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.
References
-
https://research.jfrog.com/vulnerabilities/dspy-sandbox-escape-arbitrary-file-r… third-party-advisory
Affected products
dspy
- ==0
Matching in nixpkgs
pkgs.python312Packages.ndspy
Python library for many Nintendo DS file formats
pkgs.python313Packages.ndspy
Python library for many Nintendo DS file formats
Package maintainers
-
@marius851000 Marius David <nix@mariusdavid.fr>