Vulnerability Information
Vulnerability Title
PraisonAI affected by arbitrary file write via path traversal in `praisonai recipe unpack`
Vulnerability Description
PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the recipe CLI extracts .praison tar archives using raw tar.extract() without validating archive member paths. A .praison bundle containing ../../ entries will write files outside the intended output directory. An attacker who distributes a malicious bundle can overwrite arbitrary files on the victim's filesystem when they run praisonai recipe unpack. This vulnerability is fixed in 4.5.128.
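The member-path validation that the description says was missing, shown as an added Python example (not PraisonAI's code or its actual patch). The names `safe_unpack`, `check_member`, `UnsafeMember` and the in-memory sample bundle are hypothetical and constructed for this illustration.

```python
import io
import os
import tarfile
import tempfile

class UnsafeMember(Exception):
    """An archive member would be written outside the output directory."""

def check_member(member, dest):
    """Raise UnsafeMember unless the member stays inside dest as a file or dir."""
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, member.name))
    if os.path.commonpath([root, target]) != root:  # catches ../ and absolute names
        raise UnsafeMember(f"escapes output dir: {member.name!r}")
    if not (member.isfile() or member.isdir()):     # links, devices, FIFOs
        raise UnsafeMember(f"link or special file: {member.name!r}")

def safe_unpack(fileobj, dest):
    """Validate every member first, then extract; a bad bundle writes nothing."""
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}  # stdlib filter, if present
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        members = tar.getmembers()
        for m in members:
            check_member(m, dest)
        tar.extractall(path=dest, members=members, **extra)
        return [m.name for m in members]

def build_bundle(names):  # constructed sample input standing in for a .praison bundle
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

def demo():  # unpack a benign bundle, then one with a ../../ entry, under a temp dir
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "a", "b", "out")
        os.makedirs(dest)
        ok = safe_unpack(build_bundle(["recipe.yaml", "agents/a.yaml"]), dest)
        try:
            safe_unpack(build_bundle(["recipe.yaml", "../../escape.txt"]), dest)
            err = ""
        except UnsafeMember as exc:
            err = str(exc)
        return ok, err, os.path.exists(os.path.join(tmp, "a", "escape.txt"))
```

Because every member is checked before extraction starts, a bundle with one bad entry is rejected whole rather than partially unpacked.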
CVSS Information
N/A
Vulnerability Type
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Vulnerability Title
PraisonAI Path Traversal Vulnerability
Vulnerability Description
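PraisonAI is a low-code multi-agent collaboration framework by the individual developer Mervin Praison. Versions of PraisonAI prior to 4.5.128 contain a path traversal vulnerability, which stems from the recipe CLI not validating paths when extracting .praison archives and may lead to arbitrary file overwrite.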
CVSS Information
N/A
Vulnerability Type
N/A