| 제목 | griptape v0.19.4 SQL Injection |
|---|
| 설명 | The SqlTool in Griptape allows agents to execute arbitrary SQL queries generated by the LLM against the connected database. There is no validation to restrict the types of SQL commands that can be executed.
An attacker can use prompt injection to coerce the LLM into generating malicious SQL statements. This can lead to Remote Code Execution (RCE) via features like COPY ... FROM PROGRAM, as well as arbitrary file read/write, data exfiltration, or, even with least priviledge, Denial of Service using CTE |
|---|
| 원천 | ⚠️ https://github.com/Ka7arotto/cve/blob/main/griptape/text2sqlTool/issue.md |
|---|
| 사용자 | Goku (UID 80486) |
|---|
| 제출 | 2026. 03. 21. AM 03:04 (17 날 ago) |
|---|
| 모더레이션 | 2026. 04. 05. AM 07:17 (15 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 355390 [griptape-ai griptape 0.19.4 SqlTool tool.py SQL 주입] |
|---|
| 포인트들 | 20 |
|---|