5 matches found
CVE-2026-39307
PraisonAI is a multi-agent teams system. Prior to 1.5.113, The PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting template archives from external sources e.g., GitHub, the application uses Python's zipfile.extractall...
CVE-2026-39307
Summary of CVE-2026-39307 PraisonAI templates installation uses Python’s zipfile.extractall() without validating that archive entries stay within the target extraction directory. This Zip Slip flaw existed prior to version 1.5.113 and could allow arbitrary file writes (potentially to system locat...
CVE-2026-39307 PraisonAI has an Arbitrary File Write (Zip Slip) in Templates Extraction
PraisonAI is a multi-agent teams system. Prior to 1.5.113, The PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting template archives from external sources e.g., GitHub, the application uses Python's zipfile.extractall...
CVE-2026-39307 PraisonAI has an Arbitrary File Write (Zip Slip) in Templates Extraction
PraisonAI is a multi-agent teams system. Prior to 1.5.113, The PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting template archives from external sources e.g., GitHub, the application uses Python's zipfile.extractall...
CVE-2025-59682
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common...