Product

PraisonAI

1 brief RSS

PraisonAI Symlink Extraction Bypass Vulnerability

PraisonAI versions 2.7.2 through 4.6.35 are vulnerable to an arbitrary file write due to improper validation of symlinks during archive extraction, affecting `recipe pull`, `recipe publish`, and `recipe unpack` flows.

PraisonAI symlink arbitrary file write path traversal attack.persistence attack.privilege_escalation

2r 2t 1c 1h ago