Tag

Application-Vulnerability

3 briefs RSS

Stack Buffer Overflow in Oj Ruby Gem (CVE-2026-54502)

The `Oj.dump` function in the `Oj` Ruby gem is vulnerable to a stack-based buffer overflow (CVE-2026-54502) due to improper validation of the `:indent` parameter, allowing an attacker to trigger a process crash or potentially remote code execution by providing an excessively large integer value, affecting all `Oj` gem versions prior to `3.17.2`.

oj gem overflow ruby gem denial-of-service remote-code-execution application-vulnerability

3r 4t 1d ago

high advisory

PraisonAI GitHub template cache path traversal allows outside-cache file write and directory deletion

2 rules 2 TTPs

PraisonAI's template loader is vulnerable to a path traversal flaw (GHSA-f44v-7qgw-9gh9) when processing GitHub template URIs, allowing an unauthenticated attacker to write arbitrary files or delete arbitrary directories on the system running PraisonAI, leading to corruption of user configuration, project state, or application data.

praisonai path-traversal application-vulnerability python file-write file-deletion

2r 2t 2d ago

high advisory

PraisonAI Recipe Policy Bypass via YAML Workflow Approval

2 rules 2 TTPs

A policy bypass vulnerability in PraisonAI (CVE-NONE) allows untrusted recipes to self-approve and execute default-denied critical shell tools, such as `execute_command`, by declaring them in `workflow.yaml` instead of `TEMPLATE.yaml requires.tools`, leading to arbitrary command execution with the privileges of the PraisonAI process.

PraisonAI application-vulnerability policy-bypass remote-code-execution python

2r 2t 2d ago