Homepage

zen-ai-pentest@3.0.0

Advanced AI-Powered Penetration Testing Framework with Multi-Agent Orchestration

  • latest version

    3.0.0

  • first published

    1 months ago

  • latest version published

    1 months ago

  • licenses detected

  • View zen-ai-pentest package health on Snyk  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the zen-ai-pentest package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Command Injection

    zen-ai-pentest is an Advanced AI-Powered Penetration Testing Framework with Multi-Agent Orchestration

    Affected versions of this package are vulnerable to Command Injection via the Prepare Notification process in the GitHub Actions workflow. An attacker can execute arbitrary shell commands on the workflow runner by crafting a malicious issue title containing subshell expressions, which are interpolated and executed during variable assignment. This enables exfiltration of sensitive secrets, such as the Discord webhook URL, and allows the attacker to impersonate the bot or post unauthorized messages.

    How to fix Command Injection?

    A fix was pushed into the master branch but not yet published.

    [0,)
    Go back to all versions of this package