griptape 1.8.11

Direct Vulnerabilities

Known vulnerabilities in the griptape package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M SQL Injection griptape is a Modular Python framework for LLM workflows, tools, memory, and data. Affected versions of this package are vulnerable to SQL Injection through the `execute_query` path in the SQL tool and loader components. An attacker can execute malicious SQL against the connected database by prompt-injecting the LLM to supply unsafe `sql_query` input. In affected deployments, this can lead to remote code execution on databases that support command execution features such as PostgreSQL `COPY ... FROM PROGRAM`, as well as arbitrary file read/write, data exfiltration, or denial of service through destructive or resource-intensive queries. How to fix SQL Injection? There is no fixed version for `griptape`.	[0.27.0,)
L Directory Traversal griptape is a Modular Python framework for LLM workflows, tools, memory, and data. Affected versions of this package are vulnerable to Directory Traversal via the `filename` handling in the code-writing path used by `execute_code_in_container` in `griptape/tools/computer/tool.py`. An attacker can write arbitrary files on the host by prompting the agent to supply a crafted `filename` such as `../../...` and controlling the code content written to that path. This issue affects agents that use `ComputerTool` to write code into a local working directory before container execution; the write can escape the intended workdir and overwrite files with the privileges of the Griptape process. How to fix Directory Traversal? There is no fixed version for `griptape`.	[0.27.0,)
M Directory Traversal griptape is a Modular Python framework for LLM workflows, tools, memory, and data. Affected versions of this package are vulnerable to Directory Traversal the `LocalFileManagerDriver` file path resolution in `griptape/drivers/file_manager/local_file_manager_driver.py`. An attacker can read, list, or overwrite arbitrary files on the host filesystem by supplying `../`- style paths via prompt injection or other untrusted tool input. The issue affects `try_list_files`, `try_load_file`, and `try_save_file`, which all rely on `_full_path` without enforcing that the resolved paths remain within the configured working directory. How to fix Directory Traversal? There is no fixed version for `griptape`.	[1.1.0,)

Vulnerability

Vulnerable Version

SQL Injection

griptape is a Modular Python framework for LLM workflows, tools, memory, and data.

Affected versions of this package are vulnerable to SQL Injection through the execute_query path in the SQL tool and loader components. An attacker can execute malicious SQL against the connected database by prompt-injecting the LLM to supply unsafe sql_query input. In affected deployments, this can lead to remote code execution on databases that support command execution features such as PostgreSQL COPY ... FROM PROGRAM, as well as arbitrary file read/write, data exfiltration, or denial of service through destructive or resource-intensive queries.

How to fix SQL Injection?

There is no fixed version for griptape.

[0.27.0,)

Directory Traversal

griptape is a Modular Python framework for LLM workflows, tools, memory, and data.

Affected versions of this package are vulnerable to Directory Traversal via the filename handling in the code-writing path used by execute_code_in_container in griptape/tools/computer/tool.py. An attacker can write arbitrary files on the host by prompting the agent to supply a crafted filename such as ../../... and controlling the code content written to that path. This issue affects agents that use ComputerTool to write code into a local working directory before container execution; the write can escape the intended workdir and overwrite files with the privileges of the Griptape process.

How to fix Directory Traversal?

There is no fixed version for griptape.

[0.27.0,)

Directory Traversal

griptape is a Modular Python framework for LLM workflows, tools, memory, and data.

Affected versions of this package are vulnerable to Directory Traversal the LocalFileManagerDriver file path resolution in griptape/drivers/file_manager/local_file_manager_driver.py. An attacker can read, list, or overwrite arbitrary files on the host filesystem by supplying ../- style paths via prompt injection or other untrusted tool input. The issue affects try_list_files, try_load_file, and try_save_file, which all rely on _full_path without enforcing that the resolved paths remain within the configured working directory.

How to fix Directory Traversal?

There is no fixed version for griptape.

[1.1.0,)

griptape@1.8.11

Modular Python framework for LLM workflows, tools, memory, and data.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically