Published by @LeSuisse
Activity log
- Created automatic suggestion
- @LeSuisse accepted
- @LeSuisse published on GitHub
Sandbox escape in smolagents Local Python execution environment via dunder attributes
Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox enforced by smolagents. The attack requires a prompt injection to trick the agent into creating malicious code.
Affected products
smolagents
- <1.21.0
Matching in nixpkgs
pkgs.python312Packages.smolagents
Barebones library for agents
- nixos-unstable -
- nixpkgs-unstable 1.21.3
pkgs.python313Packages.smolagents
Barebones library for agents
- nixos-unstable -
- nixpkgs-unstable 1.21.3
Package maintainers
- @fabaff Fabian Affolter <mail@fabian-affolter.ch>