@evomap/evolver 1.70.0-beta.1

Direct Vulnerabilities

Known vulnerabilities in the @evomap/evolver package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
C Command Injection @evomap/evolver is an A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol (GEP) for auditable, reusable evolution assets. Affected versions of this package are vulnerable to Command Injection via the `runInSandbox` function. An attacker can execute arbitrary code with the privileges of the validator process by supplying malicious `validation_commands` from a compromised or intercepted Hub response, which are then executed without adequate validation or isolation. How to fix Command Injection? Upgrade `@evomap/evolver` to version 1.70.0-beta.5 or higher.	<1.70.0-beta.5
M Allocation of Resources Without Limits or Throttling @evomap/evolver is an A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol (GEP) for auditable, reusable evolution assets. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the `parseBody` function and the `/asset/submit` and `/mailbox/send` routes, which do not enforce limits on request body size or payload content. An attacker can exhaust disk space and cause persistent service outages by repeatedly sending large requests, leading to out-of-memory conditions and crashes on service restart. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `@evomap/evolver` to version 1.70.0-beta.5 or higher.	<1.70.0-beta.5
H External Control of File Name or Path @evomap/evolver is an A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol (GEP) for auditable, reusable evolution assets. Affected versions of this package are vulnerable to External Control of File Name or Path via the `fetch` subcommand. An attacker can overwrite arbitrary files in the user's working directory, including executable scripts and configuration files, by supplying a crafted `skill_id` value and malicious file content from a remote Hub. This can result in execution of attacker-controlled code with the privileges of the victim when the overwritten files are subsequently run. How to fix External Control of File Name or Path? Upgrade `@evomap/evolver` to version 1.70.0-beta.5 or higher.	<1.70.0-beta.5

Vulnerability

Vulnerable Version

Command Injection

@evomap/evolver is an A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol (GEP) for auditable, reusable evolution assets.

Affected versions of this package are vulnerable to Command Injection via the runInSandbox function. An attacker can execute arbitrary code with the privileges of the validator process by supplying malicious validation_commands from a compromised or intercepted Hub response, which are then executed without adequate validation or isolation.

How to fix Command Injection?

Upgrade @evomap/evolver to version 1.70.0-beta.5 or higher.

<1.70.0-beta.5

Allocation of Resources Without Limits or Throttling

@evomap/evolver is an A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol (GEP) for auditable, reusable evolution assets.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parseBody function and the /asset/submit and /mailbox/send routes, which do not enforce limits on request body size or payload content. An attacker can exhaust disk space and cause persistent service outages by repeatedly sending large requests, leading to out-of-memory conditions and crashes on service restart.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade @evomap/evolver to version 1.70.0-beta.5 or higher.

<1.70.0-beta.5

External Control of File Name or Path

@evomap/evolver is an A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol (GEP) for auditable, reusable evolution assets.

Affected versions of this package are vulnerable to External Control of File Name or Path via the fetch subcommand. An attacker can overwrite arbitrary files in the user's working directory, including executable scripts and configuration files, by supplying a crafted skill_id value and malicious file content from a remote Hub. This can result in execution of attacker-controlled code with the privileges of the victim when the overwritten files are subsequently run.

How to fix External Control of File Name or Path?

Upgrade @evomap/evolver to version 1.70.0-beta.5 or higher.

<1.70.0-beta.5

@evomap/evolver@1.70.0-beta.1

A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol (GEP) for auditable, reusable evolution assets.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically