ruflo@3.10.44

Ruflo - Enterprise AI agent orchestration platform. Deploy 60+ specialized agents in coordinated swarms with self-learning, fault-tolerant consensus, vector memory, and MCP integration

  • latest version

    3.25.6

  • latest non vulnerable version

  • first published

    4 months ago

  • latest version published

    3 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the ruflo package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Command Injection

    ruflo is a Ruflo - Enterprise AI agent orchestration platform. Deploy 60+ specialized agents in coordinated swarms with self-learning, fault-tolerant consensus, vector memory, and MCP integration

    Affected versions of this package are vulnerable to Command Injection due to the exposure of the POST /mcp and POST /mcp/:group endpoints without authentication in the default docker-compose deployment. An attacker can execute arbitrary commands, obtain a shell in the bridge container, access sensitive provider API keys, and manipulate AgentDB learning-store patterns by sending crafted requests over the network.

    How to fix Command Injection?

    Upgrade ruflo to version 3.16.3 or higher.

    <3.16.3