praisonai 4.6.36

Direct Vulnerabilities

Known vulnerabilities in the praisonai package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Unsafe Dependency Resolution PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the `load_tools_from_module` and `load_tools_from_module_class` functions, which accept a `module_path` parameter from YAML configuration and execute it using `spec.loader.exec_module` without validation or gating. An attacker can execute arbitrary code with the privileges of the running process by supplying a crafted module path via a writable configuration directory, remote recipe fetch, or prompt injection. Note: This is only exploitable if an attacker can control the YAML configuration or place a malicious Python file accessible to the process. How to fix Unsafe Dependency Resolution? Upgrade `PraisonAI` to version 4.6.38 or higher.	[,4.6.38)
H Missing Authorization PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration. Affected versions of this package are vulnerable to Missing Authorization via the `workflow.show`, `workflow.validate`, and `deploy.validate` handlers, which accept file path arguments without proper containment checks. An attacker can access and exfiltrate arbitrary files readable by the host user by sending unauthenticated requests to the exposed MCP server endpoints. Note: This is only exploitable if the server is running with default authentication disabled (i.e., `api_key=None`), which is the documented default configuration. How to fix Missing Authorization? Upgrade `PraisonAI` to version 4.6.40 or higher.	[,4.6.40)
M Directory Traversal PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration. Affected versions of this package are vulnerable to Directory Traversal through the `write_file` function when path validation is skipped if `workspace` is set to None. An attacker can cause arbitrary files to be written to attacker-specified locations by embedding hidden metadata in a webpage that is processed by the API. How to fix Directory Traversal? Upgrade `PraisonAI` to version 4.6.40 or higher.	[,4.6.40)
M Exposure of Sensitive System Information to an Unauthorized Control Sphere PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the direct-prompt CLI. An attacker can access sensitive local HTTP resources by crafting prompt text containing `@url:` mentions that reference loopback or private network addresses, causing the system to fetch and inject the response body into the model prompt context. How to fix Exposure of Sensitive System Information to an Unauthorized Control Sphere? Upgrade `PraisonAI` to version 4.6.40 or higher.	[,4.6.40)
M Server-side Request Forgery (SSRF) PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via improper URL validation the `spider_tools` component. An attacker can access internal loopback-only HTTP services by supplying specially crafted URLs that use alternate encodings of loopback addresses, bypassing insufficient validation checks. How to fix Server-side Request Forgery (SSRF)? Upgrade `PraisonAI` to version 4.6.40 or higher.	[,4.6.40)
M Protection Mechanism Failure PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration. Affected versions of this package are vulnerable to Protection Mechanism Failure in the `execute_code()` function. An attacker can achieve arbitrary command execution on the host system by leveraging access to `print.__self__` to retrieve the real builtins module, extracting sensitive functions such as `__import__` through dynamic attribute access and runtime string construction, and bypassing AST-based security checks. This allows reading and writing files, exfiltrating environment variables, and executing further malicious actions. How to fix Protection Mechanism Failure? Upgrade `PraisonAI` to version 4.6.40 or higher.	[,4.6.40)
H Directory Traversal PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration. Affected versions of this package are vulnerable to Directory Traversal through the `_safe_extractall` process. An attacker can write arbitrary files outside the intended destination directory by crafting a tar archive containing a symlink with a `linkname` pointing outside the target directory, followed by a regular file whose path traverses the created symlink. How to fix Directory Traversal? Upgrade `PraisonAI` to version 4.6.37 or higher.	[,4.6.37)
H Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') in the `ToolExecutionMixin.execute_tool` process. An attacker can execute arbitrary callables defined in the `__main__` module by supplying crafted tool-call names that are not declared in the tool list or registry. How to fix Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')? Upgrade `PraisonAI` to version 4.6.37 or higher.	[,4.6.37)

Vulnerability

Vulnerable Version

Unsafe Dependency Resolution

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the load_tools_from_module and load_tools_from_module_class functions, which accept a module_path parameter from YAML configuration and execute it using spec.loader.exec_module without validation or gating. An attacker can execute arbitrary code with the privileges of the running process by supplying a crafted module path via a writable configuration directory, remote recipe fetch, or prompt injection.

Note: This is only exploitable if an attacker can control the YAML configuration or place a malicious Python file accessible to the process.

How to fix Unsafe Dependency Resolution?

Upgrade PraisonAI to version 4.6.38 or higher.

[,4.6.38)

Missing Authorization

Affected versions of this package are vulnerable to Missing Authorization via the workflow.show, workflow.validate, and deploy.validate handlers, which accept file path arguments without proper containment checks. An attacker can access and exfiltrate arbitrary files readable by the host user by sending unauthenticated requests to the exposed MCP server endpoints.

Note: This is only exploitable if the server is running with default authentication disabled (i.e., api_key=None), which is the documented default configuration.

How to fix Missing Authorization?