Description
PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injection defense only blocks threats classified as CRITICAL, requiring three or more detector families to match simultaneously. Attackers can craft single or double-vector prompt injections that are classified as HIGH threat level and pass through unblocked to reach the model.
Problem types
Product status
Any version before 4.6.78
4.6.78 (semver)
Credits
SnailSploit
References
github.com/...isonAI/security/advisories/GHSA-4r3p-w3mc-5v34
github.com/...isonAI/security/advisories/GHSA-4r3p-w3mc-5v34 (GitHub Security Advisory (GHSA-4r3p-w3mc-5v34))
www.vulncheck.com/...-before-prompt-injection-defense-bypass (VulnCheck Advisory: PraisonAI before 4.6.78 Prompt Injection Defense Bypass)