Early Access — Mondoo Vulnerability Intelligence is currently in preview.
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.
Exploitability
AV:NAC:HPR:NUI:NScope
S:UImpact
C:HI:NA:N5.9/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NOther