3 matches found
PYSEC-2026-488 PraisonAI has critical RCE via `type: job` workflow YAML
praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py. This supports: - run: → shell command execution via subprocess.run - script: → inline Python execution via exec - python: → arbitrary Python script execution A malicious YAML...
Argo Workflows 安全漏洞
Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions 4.0.0 to 4.0.5 of Argo Workflows had a security vulnerability. This vulnerability stemmed from the fact that the workflow executor recorded all workpiece repository credentials in...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal via the unpack function during the artifact extraction due to the lack of header.Name validation in the said function. An attacker can create or overwrite arbitrary files within system directories by supplying a...