Lucene search
K

4 matches found

CVE
CVE
added 2026/04/03 10:50 p.m.16 views

CVE-2026-34937

PRAISONAI: The run_python() function constructs a shell command by interpolating user code into python3 -c "" and passes it to subprocess.run(..., shell=True). The escape logic only handles \ and ", leaving $() and backtick substitutions unescaped, enabling arbitrary OS command execution before P...

9.8CVSS6.2AI score0.00545EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/03 10:50 p.m.3 views

CVE-2026-34937 PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick...

7.8CVSS6.2AI score0.00545EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/03 10:50 p.m.19 views

CVE-2026-34937 PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick...

7.8CVSS0.00545EPSS
Exploits1References1
OSV
OSV
added 2026/04/01 11:18 p.m.4 views

GHSA-W37C-QQFP-C67F PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution

Summary runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick substitutions unescaped, allowing arbitrary OS command executi...

7.8CVSS6.3AI score0.00545EPSS
Exploits1References3
Rows per page
Query Builder