CNNVD-202509-263 Information
Sep 03, 2025
CNNVD ID
CNNVD-202509-263
Related CVE
- CNNVD Published: 2025-09-03
Description
smolagents is an open-source base library for agents from Hugging Face. smolagents contains a code injection vulnerability that stems from incomplete validation of dunder attributes and may lead to a sandbox escape from the Local Python execution environment.
Hazard Level
Medium
Vulnerability Type
Code injection
Affected Vendor
Hugging Face
Published
2025-09-03
Last Modified
2026-02-24
References
https://github.com/huggingface/smolagents/pull/1551
https://research.jfrog.com/vulnerabilities/smolagents-local-python-sandbox-escape-jfsa-2025-001434277/
Patch
https://huggingface.co/docs/smolagents/index