praisonai-platform@0.1.6

Platform layer for PraisonAI — workspace, auth, issues, projects

  • latest version

    0.1.9

  • latest non vulnerable version

  • first published

    2 months ago

  • latest version published

    8 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the praisonai-platform package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Authorization Bypass Through User-Controlled Key

    praisonai-platform is a Platform layer for PraisonAI — workspace, auth, issues, projects

    Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the create_issue and update processes. An attacker can manipulate project statistics of another workspace by supplying a foreign project_id in the request body during issue creation or update, causing unauthorized data to appear in the victim's project dashboard.

    How to fix Authorization Bypass Through User-Controlled Key?

    Upgrade praisonai-platform to version 0.1.8 or higher.

    [,0.1.8)