4 matches found
CVE-2026-34937
PRAISONAI: The run_python() function constructs a shell command by interpolating user code into python3 -c "" and passes it to subprocess.run(..., shell=True). The escape logic only handles \ and ", leaving $() and backtick substitutions unescaped, enabling arbitrary OS command execution before P...
CVE-2026-34937 PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution
PraisonAI is a multi-agent teams system. Prior to version 1.5.90, runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick...
CVE-2026-34937 PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution
PraisonAI is a multi-agent teams system. Prior to version 1.5.90, runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick...
GHSA-W37C-QQFP-C67F PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution
Summary runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick substitutions unescaped, allowing arbitrary OS command executi...