2 matches found
PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure
PraisonAI's AST-based Python sandbox can be bypassed using a type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. Description: The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST filtering to block dangerous Python attributes...
GitLab Enterprise Edition Security Vulnerability
GitLab Enterprise Edition (EE) is a content management system from the U.S.-based GitLab, Inc. A security vulnerability exists in GitLab Enterprise Edition versions 12.0 through 16.7.6, 16.8 through 16.8.3, and 16.9 through 16.9.1, which stems from a vulnerability that allows bypassing the group ip...