Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PraisonAI: ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()
Vulnerability Description
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.search_tools() compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete service outage. This issue has been patched in version 4.5.90.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
CWE-1333
Vulnerability Title
PraisonAI 安全漏洞
Vulnerability Description
PraisonAI是Mervin Praison个人开发者的一个低代码多智能体协作框架。 PraisonAI 4.5.90之前版本存在安全漏洞,该漏洞源于MCPToolIndex.search_tools函数将调用者提供的字符串直接编译为正则表达式,未经验证、清理或设置超时,可能导致正则表达式拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A