5 matches found
Authorization Bypass Through User-Controlled Key
Overview praisonai-platform is a Platform layer for PraisonAI — workspace, auth, issues, projects Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the IssueService.get, update, and delete functions, which do not verify workspace ownershi...
Missing Authorization
Overview praisonai-platform is a Platform layer for PraisonAI — workspace, auth, issues, projects Affected versions of this package are vulnerable to Missing Authorization in the addmember process. An attacker can gain unauthorized owner-level access to any workspace by submitting a crafted POST...
Authorization Bypass Through User-Controlled Key
Overview praisonai-platform is a Platform layer for PraisonAI — workspace, auth, issues, projects Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the process that handles workspace-scoped object access. An attacker can gain unauthorized acce...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the HTTP Gateway process. An attacker can exhaust system resources by sending HTTP headers very slowly, preventing legitimate requests from being processed. Remediation Upgrade...
GHSA-G78M-2CHM-R7QV Regular Expression Denial of Service in websocket-extensions (NPM package)
Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...