L3Tchupkt

**Name of the Vulnerable Software and Affected Versions** pyLoad versions prior to 0.5.0b3.dev100 **Description** Insufficient sanitization of package folder names allows writing files outside the intended download directory. The issue exists in the `add package()` function within the `src/pyload/core/api/ init .py` component. The sanitization process uses string replacement that can be bypassed; specifically, the pattern `....//` is partially removed to become `.. `, leaving `..` sequences that the operating system resolves, enabling path traversal. This can be exploited via the `/api/set package data` endpoint by manipulating the `folder` variable. **Recommendations** Update to version 0.5.0b3.dev100 or later.

**Name of the Vulnerable Software and Affected Versions** PraisonAI versions prior to 4.5.139 **Description** PraisonAI is a multi-agent teams system that allows arbitrary code execution due to the automatic and unsanitized import of a `tools.py` file from the current working directory. This occurs when launching certain components, including the CLI tool-loading paths, the `import tools from file()` function in `call.py`, and the ` load local tools()` function in `tool resolver.py`. An attacker who can place a malicious `tools.py` file in the directory where the system is launched—such as through a shared project, cloned repository, or writable workspace—can execute arbitrary Python code in the host environment. This leads to the full compromise of the process, the host system, and any connected data or credentials. **Recommendations** Update to version 4.5.139. As a temporary workaround, ensure that no untrusted `tools.py` files exist in the working directory where the software is launched.

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.139 praisonaiagents versions prior to 1.5.140 Description The workflow engine is susceptible to arbitrary command and code execution through untrusted YAML files. When the system loads a YAML file with `type: job`, the `JobWorkflowExecutor` in `job workflow.py` processes steps that support `run` (shell commands via `subprocess.run()`), `script` (inline Python via `exec()`), and `python` (arbitrary Python script execution) without validation, sandboxing, or user confirmation. Affected code paths include the `action run()` function in `workflow.py` and the ` exec shell()`, ` exec inline python()`, and ` exec python script()` functions in `job workflow.py`. An attacker who can supply or influence a workflow YAML file, particularly in CI pipelines, shared repositories, or multi-tenant deployment environments, can achieve full arbitrary command execution on the host system. Recommendations Update PraisonAI to version 4.5.139. Update praisonaiagents to version 1.5.140. Restrict the use of `run`, `script`, and `python` steps in workflow YAML files to trusted sources only.