Tag
PraisonAI versions 4.6.37 and earlier are vulnerable to arbitrary file write due to missing path validation in the `write_file` function when `workspace=None`, allowing an attacker to write attacker-controlled content to arbitrary file paths on the victim's system via a malicious webpage.