praisonai@4.6.57

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to External Control of File Name or Path through the cache path construction process. An attacker can write arbitrary files outside the intended cache directory and delete directories accessible by the process by supplying crafted GitHub template URIs containing path traversal sequences.

Upgrade PraisonAI to version 4.6.59 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Directory Traversal via the multiedit function, which lacks path validation, workspace boundary checks, and protected path guards. An attacker can read or overwrite arbitrary files accessible to the process user by supplying crafted file paths as arguments, potentially exposing sensitive information or modifying critical files.

Upgrade PraisonAI to version 4.6.62 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Improper Authentication via the verify_token function. An attacker can gain unauthorized access to the agent invocation API by setting the PRAISONAI_CALL_AUTH environment variable to disabled, which unconditionally skips authentication checks. This is only exploitable if the environment variable is explicitly set to disabled in the deployment configuration.

Upgrade PraisonAI to version 4.6.62 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Incorrect Authorization via the workflow.yaml approval process. An attacker can execute arbitrary commands with the privileges of the running process by crafting a recipe that declares dangerous tools in workflow.yaml and self-approves them, thereby bypassing intended policy checks.

Upgrade PraisonAI to version 4.6.62 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Protection Mechanism Failure due to the silent fallback from kernel-enforced sandboxing to unrestricted subprocess execution when Landlock is unavailable. An attacker can access files outside the configured allowed paths and establish network connections even when network access is explicitly disabled by executing code through the affected process.

Upgrade PraisonAI to version 4.6.62 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Incorrect Authorization in the app_mention event handler, which fails to enforce user and channel authorization checks. An attacker can gain unauthorized access to agent functionality and potentially impact confidentiality and integrity by mentioning the bot in a Slack channel where the app is present, even if the user or channel is not authorized.

Upgrade PraisonAI to version 4.6.59 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the webhook process when the required secret is not configured. An attacker can trigger unauthorized agent actions, manipulate issue content, and cause unintended tool execution by sending forged webhook requests to the public endpoint.

Upgrade PraisonAI to version 4.6.59 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the HTTPApproval process. An attacker can execute arbitrary JavaScript in the context of the approval dashboard by injecting malicious tool arguments, which can result in unauthorized approval of dangerous tool actions without explicit human consent.

Upgrade PraisonAI to version 4.6.59 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the webhook_url parameter in the job submission process. An attacker can trigger the host to send POST requests to internal network endpoints, such as loopback, private network, or cloud metadata services, by exploiting a DNS rebinding technique that causes the validated hostname to resolve to a different address at the time of webhook delivery.

Upgrade PraisonAI to version 4.6.59 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Information Exposure via the artifact_head, artifact_tail, artifact_grep, and artifact_chunk functions. An attacker can access sensitive files on the host system by supplying arbitrary file paths to these functions, allowing disclosure of confidential information such as environment files, credentials, SSH keys, and other local data readable by the process.

Upgrade PraisonAI to version 4.6.59 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Information Exposure via the history_tail, history_get, terminal_tail, and terminal_grep functions when user-supplied run_id and agent_id values are used to construct file paths without proper validation. An attacker can access sensitive files outside the intended storage directory by supplying crafted path traversal values.

Upgrade PraisonAI to version 4.6.59 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Missing Authorization via the recipe serve command, which allows the HTTP server to be started on a non-localhost interface without authentication. An attacker can gain unauthorized access to recipe API endpoints and, if admin mode is enabled, perform administrative actions by sending unauthenticated requests to the exposed server.

Upgrade PraisonAI to version 4.6.59 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Directory Traversal via the agent_file field in the Jobs API. An attacker can access arbitrary files on the server by supplying an absolute filesystem path without authentication or path validation.

Upgrade PraisonAI to version 4.6.59 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Missing Authorization via the unauthenticated create_app process. An attacker can execute arbitrary code, access sensitive job data, and disrupt service by submitting, reading, canceling, or deleting jobs through exposed API endpoints without any authentication or authorization checks.

Upgrade PraisonAI to version 4.6.59 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Incorrect Authorization via the read_file and list_files functions when user-controlled input is passed as a file path argument, which is then incorporated into shell command strings without proper sanitization. An attacker can execute arbitrary shell commands on the host or within a container by supplying crafted path arguments through interfaces that expose these file tools.

Upgrade PraisonAI to version 4.6.59 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in the dispatch process of the authentication middleware when no secret is configured. An attacker can gain unauthorized access to recipe execution endpoints, trigger arbitrary recipe executions, read sensitive inputs and outputs, and potentially achieve remote code execution by sending unauthenticated requests. This is only exploitable if authentication is enabled in the configuration but the required secret (API key or JWT secret) is not set in either the configuration file or environment variables.

Upgrade PraisonAI to version 4.6.59 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Missing Authorization via the AgentOS process. An attacker can gain unauthorized access to agent metadata and invoke agent actions by sending unauthenticated or incorrectly authenticated requests to the /api/agents and /api/chat endpoints. This can result in enumeration of deployed agents, reading sensitive agent information, triggering downstream tools or integrations, and consuming resources through repeated invocation.

Upgrade PraisonAI to version 4.6.59 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the webhook process when the secret environment variable is unset, causing signature verification to be skipped. An attacker can inject arbitrary platform events and impersonate users by sending crafted requests to the webhook endpoint.

Upgrade PraisonAI to version 4.6.59 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Incorrect Authorization through the run_stream function. An attacker can execute arbitrary commands with the privileges of the running process by submitting a crafted recipe that declares dangerous tools, bypassing intended policy enforcement.

Upgrade PraisonAI to version 4.6.59 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Incorrect Authorization in the DiscordApproval process. An attacker can gain unauthorized approval for high-risk tool executions by posting an approval-like message (such as 'yes') in the configured Discord channel after an approval prompt appears, without being an intended approver or replying directly to the approval request. This can result in execution of privileged operations, file modifications, deployment changes, or data access with the privileges of the application process.

Upgrade PraisonAI to version 4.6.59 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Incorrect Authorization via the CODE_TOOLS wrappers and related file operation functions when the workspace boundary is unset. An attacker can read and modify files outside the intended project workspace by influencing prompt-driven tool calls before a workspace is configured.

Upgrade PraisonAI to version 4.6.59 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the api_mcp_connect endpoint in the UI host application. An attacker can execute arbitrary local commands as the service user by sending crafted HTTP POST requests containing attacker-controlled command and args fields. This allows for actions such as exfiltrating secrets, modifying files, or disrupting services remotely without authentication.

Upgrade PraisonAI to version 4.6.59 or higher.

PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

Affected versions of this package are vulnerable to Missing Authorization through the run_sse process. An attacker can gain unauthorized access to registered tools and interact with them by leveraging DNS rebinding and sending crafted requests with attacker-controlled Host and Origin headers. This can result in exposure, modification, or disruption of local or internal resources accessible by the exposed tools. This is only exploitable if a user starts a local or internal legacy SSE MCP server and visits a malicious website.

Upgrade PraisonAI to version 4.6.59 or higher.