openharness-ai@0.1.3

Open-source Python port of Claude Code - an AI-powered CLI coding assistant

  • latest version

    0.1.7

  • latest non vulnerable version

  • first published

    19 days ago

  • latest version published

    6 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the openharness-ai package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Incorrect Authorization

    openharness-ai is an open-source Python port of Claude Code, an AI-powered CLI coding assistant.

    Affected versions of this package are vulnerable to Incorrect Authorization due to inconsistent parameter handling in permission enforcement within the read_file, write_file, edit_file, and notebook_edit tools. The path parameter of these tools is not properly permission-checked, so an attacker who can influence agent tool execution can access sensitive files outside the intended repository scope, or create and overwrite files in restricted host paths.

    How to fix Incorrect Authorization?

    Upgrade openharness-ai to version 0.1.6 or higher.

    [,0.1.6)