
5 matches found

OSV
added 2026/04/10 7:22 p.m., 3 views

GHSA-FVXX-GGMX-3CJG PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars

Summary: deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for...

CVSS: 8.4 | AI score: 6 | EPSS: 0.00231
Exploits: 1 | References: 4
ATTACKERKB
added 2026/04/09 9:17 p.m., 5 views

CVE-2026-40113

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud use...

CVSS: 8.4 | AI score: 6 | EPSS: 0.00231
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/04/09 9:17 p.m., 2 views

CVE-2026-40113 PraisonAI has an Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud use...

CVSS: 8.4 | AI score: 5.9 | EPSS: 0.00231
Exploits: 1 | References: 1
CVE
added 2026/04/09 9:17 p.m., 11 views

CVE-2026-40113

CVE-2026-40113 affects PraisonAI before version 4.5.128. The flaw arises in deploy.py, which builds a single comma-delimited string for gcloud run deploy --set-env-vars by directly interpolating openai_model, openai_key, and openai_base without validating for commas. Since gcloud uses...

CVSS: 8.4 | AI score: 6 | EPSS: 0.00231
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2025/07/30 7:37 p.m., 4 views

MAL-2025-6691 Malicious code in actions-set-env-vars (npm)

The package communicates with a domain associated with malicious activity...

AI score: 7.1
Exploits: 0