4 matches found
Arbitrary Argument Injection
Overview skilleton is a Skills skeleton: deterministic AI skill dependency manager Affected versions of this package are vulnerable to Arbitrary Argument Injection via improper handling of repository and path input in the normalizeRepoUrl function. An attacker can cause unsafe or inefficient...
Allocation of Resources Without Limits or Throttling
Overview nlsq is a GPU/TPU accelerated nonlinear least-squares curve fitting using JAX Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing input size validation for arrays and Jacobians. An attacker can cause memory exhaustion by...
CSV Injection
Overview Affected versions of this package are vulnerable to CSV Injection via the Quick Export process. An attacker can execute arbitrary commands on the victim's machine by injecting malicious formulas into fields that are later exported to CSV and opened in spreadsheet applications. This is on...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection through multiple vector store integrations. An attacker can read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the library in a web application...