Tag
The npm package `praisonai` versions 1.2.3 through 1.7.1 contain a network isolation bypass vulnerability (GHSA-gqmf-56h7-rrpf) in its `SandboxExecutor` component's `network-isolated` mode, allowing non-proxy-aware client commands to establish direct network connections, leading to potential data exfiltration and access to internal services.