Lucene search
+L

5 matches found

Snyk
Snyk
added 2026/06/01 2:24 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview praisonai-platform is a Platform layer for PraisonAI — workspace, auth, issues, projects Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the IssueService.get, update, and delete functions, which do not verify workspace ownershi...

8.7CVSS5.8AI score0.00043EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 2:23 p.m.4 views

Missing Authorization

Overview praisonai-platform is a Platform layer for PraisonAI — workspace, auth, issues, projects Affected versions of this package are vulnerable to Missing Authorization in the addmember process. An attacker can gain unauthorized owner-level access to any workspace by submitting a crafted POST...

9.6CVSS5.8AI score0.00031EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/29 10:35 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview praisonai-platform is a Platform layer for PraisonAI — workspace, auth, issues, projects Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the process that handles workspace-scoped object access. An attacker can gain unauthorized acce...

8.8CVSS5.8AI score0.00044EPSS
Exploits0References3
Snyk
Snyk
added 2025/07/10 5:58 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the HTTP Gateway process. An attacker can exhaust system resources by sending HTTP headers very slowly, preventing legitimate requests from being processed. Remediation Upgrade...

8.7CVSS7AI score0.00444EPSS
Exploits0References2
OSV
OSV
added 2020/06/05 4:16 p.m.6 views

GHSA-G78M-2CHM-R7QV Regular Expression Denial of Service in websocket-extensions (NPM package)

Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...

8.2CVSS7.1AI score0.03012EPSS
Exploits1References6
Rows per page
Query Builder