Description
PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like @../outside_secret.txt or absolute paths in project command files to exfiltrate process-readable files into model prompts.
Problem types
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Product status
Any version before 4.6.78
4.6.78 (semver)
Credits
rexpository
References
github.com/...isonAI/security/advisories/GHSA-xpx6-x8c2-mw5w
github.com/...isonAI/security/advisories/GHSA-xpx6-x8c2-mw5w (GitHub Security Advisory (GHSA-xpx6-x8c2-mw5w))
github.com/...ommit/3aa9cbc2bd49c23a32be0a89a5e620d13d843eab
www.vulncheck.com/...fore-path-traversal-via-custom-commands (VulnCheck Advisory: PraisonAI before 4.6.78 Path Traversal via Custom Commands)