prompts.chat@0.0.6

Developer toolkit for AI prompts - build, validate, parse, and connect to prompts.chat

  • latest version: 0.1.1
  • first published: 3 months ago
  • latest version published: 2 months ago
  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the prompts.chat package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version

    • Server-side Request Forgery (SSRF), severity M (medium)


    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the Wiro media-generate plugin. An attacker can access internal network resources and exfiltrate data by sending crafted POST requests with user-controlled inputImageUrl parameters to the /api/media-generate endpoint.

    How to fix Server-side Request Forgery (SSRF)?

    A fix was pushed into the master branch but not yet published.

    Vulnerable versions: *

    • Directory Traversal, severity H (high)


    Affected versions of this package are vulnerable to Directory Traversal through the handling of skill file archives containing unsanitized filenames with path traversal sequences. An attacker can write arbitrary files outside the intended directory and potentially overwrite critical files by submitting a crafted ZIP archive with malicious filenames.

    How to fix Directory Traversal?

    A fix was pushed into the master branch but not yet published.

    Vulnerable versions: *

    • Improper Handling of Case Sensitivity, severity H (high)


    Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths. An attacker can impersonate other users, replace profile content on canonical URLs, and inject attacker-controlled metadata and content across the platform by creating case-variant usernames that bypass uniqueness checks.

    How to fix Improper Handling of Case Sensitivity?

    A fix was pushed into the master branch but not yet published.

    Vulnerable versions: *

    • Missing Authorization, severity H (high)


    Affected versions of this package are vulnerable to Missing Authorization due to the missing isPrivate checks in API endpoints and page metadata generation. An attacker can access sensitive data, including private prompt version history, change requests, examples, current content, and metadata such as titles and descriptions, by sending unauthorized requests to affected endpoints.

    How to fix Missing Authorization?

    A fix was pushed into the master branch but not yet published.

    Vulnerable versions: *

    • Server-side Request Forgery (SSRF), severity H (high)


    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the token parameter in the Fal.ai media status polling flow. An attacker can access sensitive information, such as the FAL_API_KEY from the Authorization header, and probe internal networks or abuse the victim's Fal.ai account by supplying attacker-controlled URLs.

    How to fix Server-side Request Forgery (SSRF)?

    A fix was pushed into the master branch but not yet published.

    Vulnerable versions: *