2 matches found
GHSA-FVXX-GGMX-3CJG PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars
Summary deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for...
PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars
Summary deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for...