PraisonAI recipe registry pull path traversal writes files outside the chosen output directory

PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall() and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../ traversal entries and any user who later pulls that recipe will write files outside the output directory they selected. This is a path traversal / arbitrary file write vulnerability on the client side of the recipe registry workflow. It affects both the local registry pull path and the HTTP registry pull path. The checksum verification does not prevent exploitation because the malicious traversal payload is part of the signed bundle itself. This vulnerability is fixed in 1.5.113.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

对路径名的限制不恰当(路径遍历)

PraisonAI 路径遍历漏洞

PraisonAI是Mervin Praison个人开发者的一个低代码多智能体协作框架。 PraisonAI 1.5.113之前版本存在路径遍历漏洞，该漏洞源于配方注册表拉取流程使用tar.extractall提取攻击者控制的.praison tar存档，且在提取前未验证存档成员路径，可能导致恶意发布者上传包含../遍历条目的配方包，导致后续拉取该配方的用户将文件写入所选输出目录之外。

N/A

N/A