Lucene search
K

24 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-486 PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper blockedattrs, line 143 of pythontools.py...

9.9CVSS6.4AI score0.00541EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/10 1:22 a.m.4 views

CVE-2026-39888

PraisonAI is a multi-agent teams system. Prior to 1.5.115, executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 9:17 p.m.3 views

CVE-2026-39888

PraisonAI is a multi-agent teams system. Prior to 1.5.115, executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess...

9.9CVSS0.00541EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:41 p.m.21 views

CVE-2026-39888 PraisonAIAgents has a sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

PraisonAI is a multi-agent teams system. Prior to 1.5.115, executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess...

9.9CVSS0.00541EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 8:41 p.m.15 views

CVE-2026-39888

PraisonAI’s PraisonAIAgents contain a sandbox escape in execute_code() (subprocess mode) prior to version 1.5.115. The subprocess wrapper blocks only a subset of attributes, and the missing frame-traversal attributes (traceback , tb_frame, f_back, f_builtins) can be chained via a caught exception...

9.9CVSS6AI score0.00541EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/08 7:17 p.m.5 views

EUVD-2026-20635

PraisonAI has sandbox escape via exception frame traversal in executecode subprocess mode...

9.9CVSS5.9AI score0.00541EPSS
Exploits0References1
OSV
OSV
added 2026/04/08 7:17 p.m.7 views

GHSA-QF73-2HRX-XPRP PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper blockedattrs, line 143 of pythontools.py...

9.9CVSS6.4AI score0.00541EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/08 7:17 p.m.25 views

PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper blockedattrs, line 143 of pythontools.py...

9.9CVSS6.6AI score0.00541EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.3 views

PT-2026-31455

Name of the Vulnerable Software and Affected Versions praisonaiagents versions prior to 1.5.115 Description PraisonAI is a multi-agent teams system. Prior to version 1.5.115, the execute code function in praisonaiagents.tools.python tools defaults to sandbox mode="sandbox", which runs user code i...

9.9CVSS6.5AI score0.00541EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.4 views

SUSE CVE-2020-15890

LuaJit through 2.1.0-beta3 has an out-of-bounds read because gc handler frame traversal is mishandled...

7.5CVSS7AI score0.02862EPSS
Exploits1References3
Veracode
Veracode
added 2020/12/06 3:57 a.m.19 views

Out-of-Bounds Read

LuaJit is vulnerable to out-of-bounds read. This vulnerability existed because the gc handler frame traversal is mishandled...

7.5CVSS1.8AI score0.02862EPSS
Exploits1References4Affected Software1
Mageia
Mageia
added 2020/08/25 8:13 a.m.40 views

Updated luajit packages fix security vulnerability

An issue has been found in luajit, a just in time compiler for Lua. An out-of-bounds read could happen because gc handler frame traversal is mishandled CVE-2020-15890...

7.5CVSS2.3AI score0.02862EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/07/29 12:0 a.m.19 views

Debian: Security Advisory (DLA-2296-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.02862EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2020/07/28 11:37 p.m.23 views

CVE-2020-15890

A flaw was found in luajit. An out-of-bounds read can occur due to a frame traversal being mishandled...

5CVSS2.4AI score0.02862EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2020/07/28 7:14 a.m.44 views

luajit: out-of-bounds read because __gc handler frame traversal is mishandled

A flaw was found in luajit. An out-of-bounds read can occur due to a frame traversal being mishandled...

7.5CVSS5.7AI score0.02862EPSS
Exploits1References4
OSV
OSV
added 2020/07/21 10:15 p.m.2 views

ALPINE-CVE-2020-15890

LuaJit through 2.1.0-beta3 has an out-of-bounds read because gc handler frame traversal is mishandled...

7.5CVSS7AI score0.02862EPSS
Exploits1References1
OSV
OSV
added 2020/07/21 10:15 p.m.2 views

DEBIAN-CVE-2020-15890

LuaJit through 2.1.0-beta3 has an out-of-bounds read because gc handler frame traversal is mishandled...

7.5CVSS6.8AI score0.02862EPSS
Exploits1References1
OSV
OSV
added 2020/07/21 10:15 p.m.23 views

CVE-2020-15890

LuaJit through 2.1.0-beta3 has an out-of-bounds read because gc handler frame traversal is mishandled...

7.5CVSS1.7AI score
Exploits0References4
NVD
NVD
added 2020/07/21 10:15 p.m.13 views

CVE-2020-15890

LuaJit through 2.1.0-beta3 has an out-of-bounds read because gc handler frame traversal is mishandled...

7.5CVSS7.5AI score0.02862EPSS
Exploits1References4
Prion
Prion
added 2020/07/21 10:15 p.m.23 views

Design/Logic Flaw

LuaJit through 2.1.0-beta3 has an out-of-bounds read because gc handler frame traversal is mishandled...

5CVSS7.4AI score0.02862EPSS
Exploits1References3Affected Software3
Rows per page
Query Builder