praisonai-platform@0.1.4

Platform layer for PraisonAI — workspace, auth, issues, projects

  • latest version

    0.1.9

  • latest non vulnerable version

  • first published

    2 months ago

  • latest version published

    8 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the praisonai-platform package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Improper Authorization

    praisonai-platform is a Platform layer for PraisonAI — workspace, auth, issues, projects

    Affected versions of this package are vulnerable to Improper Authorization in the handling of DELETE requests for workspace resources. An attacker can irreversibly remove content belonging to other users by sending DELETE requests to affected API endpoints while authenticated as a workspace member.

    How to fix Improper Authorization?

    Upgrade praisonai-platform to version 0.1.6 or higher.

    [,0.1.6)
    • M
    Authorization Bypass Through User-Controlled Key

    Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the create_issue and update operations. An attacker can manipulate project statistics of another workspace by supplying a foreign project_id in the request body during issue creation or update, causing unauthorized data to appear in the victim's project dashboard.

    How to fix Authorization Bypass Through User-Controlled Key?

    Upgrade praisonai-platform to version 0.1.8 or higher.

    [,0.1.8)
    • C
    Insecure Default Initialization of Resource

    Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in auth_service.py. An attacker can gain unauthorized access to any user account and perform actions as that user by forging authentication tokens signed with the known default secret.

    How to fix Insecure Default Initialization of Resource?

    Upgrade praisonai-platform to version 0.1.6 or higher.

    [,0.1.6)
    • C
    Insecure Default Initialization of Resource

    Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the auth_service module. An attacker can gain unauthorized access to any user account, including workspace owners, by forging a JWT using the publicly known default secret. This allows the attacker to impersonate users, access sensitive resources, and perform destructive actions such as deleting workspaces or removing legitimate members, all without prior authentication. This is only exploitable if the environment variable PLATFORM_JWT_SECRET is not explicitly set, as the default configuration leaves the application vulnerable.

    How to fix Insecure Default Initialization of Resource?

    Upgrade praisonai-platform to version 0.1.6 or higher.

    [,0.1.6)