Homepage

taskflow-ai@2.1.7

TaskFlow AI - 智能PRD文档解析与任务管理助手,支持多模型AI协同、MCP编辑器集成,专为开发团队设计的CLI工具

  • latest version

    3.0.0

  • latest non vulnerable version

    3.0.0

  • first published

    9 months ago

  • latest version published

    23 hours ago

  • licenses detected

  • View taskflow-ai package health on Snyk  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the taskflow-ai package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Arbitrary Command Injection

    taskflow-ai is a TaskFlow AI - 智能PRD文档解析与任务管理助手,支持多模型AI协同、MCP编辑器集成,专为开发团队设计的CLI工具

    Affected versions of this package are vulnerable to Arbitrary Command Injection via the terminal_execute process in src/mcp/server/handlers.ts. An attacker can execute arbitrary operating system commands by supplying crafted input to the affected process.

    How to fix Arbitrary Command Injection?

    Upgrade taskflow-ai to version 2.1.9 or higher.

    <2.1.9
    Go back to all versions of this package