GHSA-vvw2-h478-xwr3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vvw2-h478-xwr3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-vvw2-h478-xwr3/GHSA-vvw2-h478-xwr3.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-vvw2-h478-xwr3
- Aliases
-
- CVE-2025-12695
- Published
- 2025-11-04T15:31:35Z
- Modified
- 2025-11-04T17:42:39.429473Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- DSPy does not properly restrict file reads
- Details
-
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.
- Database specific
{ "cwe_ids": [ "CWE-653" ], "github_reviewed": true, "nvd_published_at": "2025-11-04T14:15:34Z", "severity": "MODERATE", "github_reviewed_at": "2025-11-04T17:05:45Z" }- References
Affected packages
PyPI / dspy
Package
- Name
- dspy
- View open source insights on deps.dev
- Purl
- pkg:pypi/dspy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected3.0.3
Affected versions
0.*
0.0.1
0.0.2
0.0.3
0.1.3
0.1.4
0.1.5
2.*
2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.5.6
2.5.7
2.5.8
2.5.9
2.5.10
2.5.11
2.5.12
2.5.13
2.5.14
2.5.15
2.5.16
2.5.17
2.5.18
2.5.19
2.5.20
2.5.21
2.5.22
2.5.23
2.5.24
2.5.25
2.5.26
2.5.27
2.5.28
2.5.29
2.5.30
2.5.31
2.5.32
2.5.33
2.5.34
2.5.35
2.5.36
2.5.37
2.5.38
2.5.39
2.5.40
2.5.41
2.5.42
2.5.43
2.6.0rc1
2.6.0rc2
2.6.0rc3
2.6.0rc4
2.6.0rc5
2.6.0rc6
2.6.0rc7
2.6.0rc8
2.6.0rc11
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9rc1
2.6.9
2.6.10
2.6.11
2.6.12
2.6.13
2.6.14
2.6.15
2.6.16
2.6.17
2.6.18
2.6.19
2.6.20
2.6.21
2.6.22
2.6.23
2.6.24
2.6.25
2.6.26
2.6.27a1
2.6.27
3.*
3.0.0b1
3.0.0b2
3.0.0b3
3.0.0b4
3.0.0
3.0.1
3.0.2
3.0.3