Exploding Gradients RAGAS Arbitrary File Read Vulnerability
Vulnerability
An arbitrary file read vulnerability exists in the ImageTextPromptValue class of Exploding Gradients RAGAS, versions 0.2.3 through 0.2.14. It arises from inadequate validation and sanitization of the URLs supplied in the retrieved_contexts parameter when multimodal inputs are processed: values that are not legitimate remote image URLs are not rejected, so a context string can cause a local file to be read and its contents to be included in the prompt material.
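The following is an added illustration of the flaw class described above, placed next to a hardened variant; it is not RAGAS's own code, and the function names, field names and sample file are hypothetical. The vulnerable loader treats any context string that happens to name a readable file as an image to inline, which is exactly the "is it a path on disk" check that turns an unvalidated URL field into a file read. The hardened loader only accepts syntactically valid http(s) URLs with a host and never consults the local filesystem.

```python
# Added illustrative example (not RAGAS's own code). The function and field
# names below are hypothetical; they model the flaw class the advisory describes.
import base64
import os
import tempfile
from urllib.parse import urlparse


def vulnerable_load_context(context: str) -> dict:
    """Vulnerable pattern: any context string that names a readable local file
    is treated as an image and its bytes are inlined (base64) into the prompt.
    The only check is 'does this path exist', so an attacker who controls the
    context can point it at any file the process can read."""
    if os.path.isfile(context):
        with open(context, "rb") as fh:
            return {"type": "image", "data": base64.b64encode(fh.read()).decode()}
    return {"type": "text", "text": context}


ALLOWED_SCHEMES = {"http", "https"}


def hardened_load_context(context: str) -> dict:
    """Hardened pattern: only a syntactically valid http(s) URL with a host is
    treated as an image reference, and the local filesystem is never consulted.
    Bare paths, file:// URLs and anything else pass through as plain text.
    Actual fetching is left to the caller, which should still cap the size,
    check the Content-Type, and restrict redirects and private address ranges."""
    parsed = urlparse(context)
    if parsed.scheme in ALLOWED_SCHEMES and parsed.netloc:
        return {"type": "image_url", "url": context}
    return {"type": "text", "text": context}


def demonstrate_leak() -> dict:
    """Writes a constructed 'secret' file and runs both loaders on its path.
    Returns the bytes the vulnerable loader leaked (decoded) and the hardened
    loader's result for the same input."""
    with tempfile.NamedTemporaryFile("wb", delete=False, suffix=".txt") as fh:
        fh.write(b"CONFIDENTIAL")  # constructed sample secret
        path = fh.name
    try:
        vuln = vulnerable_load_context(path)
        hard = hardened_load_context(path)
    finally:
        os.unlink(path)
    leaked = base64.b64decode(vuln["data"]) if vuln["type"] == "image" else None
    return {"vulnerable_leaked": leaked, "hardened": hard}


if __name__ == "__main__":
    result = demonstrate_leak()
    print("vulnerable loader leaked:", result["vulnerable_leaked"])
    print("hardened loader returned:", result["hardened"])
```

Running the module shows the vulnerable loader returning the secret file's bytes for a plain filesystem path, while the hardened loader returns the same string untouched as text. Note that scheme checking alone is not a complete fix for a URL fetcher: once a value is accepted as a remote URL, the fetch itself still needs size limits, content-type checks and protection against redirects to internal addresses.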
Impact
An attacker who can influence the contents of retrieved_contexts can read arbitrary files that are readable by the process running RAGAS, potentially exposing sensitive files on the server such as credentials or configuration.
Remediation
Update to a release of Exploding Gradients RAGAS later than 0.2.14, where this vulnerability has been fixed. Instructions for updating can be found in the project's GitHub repository. Until the update is applied, treat retrieved_contexts as untrusted input and do not pass values that could be interpreted as local file paths to multimodal prompt handling.
