This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Path Traversal in PraisonAI's Action Orchestrator. <br>π₯ **Consequences**: Attackers can write files **outside** the configured workspace directory.β¦
π₯ **Affected**: **PraisonAI** by **Mervin Praison**. <br>π¦ **Version**: All versions **prior to 1.5.113**. <br>β οΈ **Note**: If you are running 1.5.113 or later, you are safe.
Q4What can hackers do? (Privileges/Data)
π΅οΈ **Attacker Actions**: <br>1. **Write Arbitrary Files**: Place malicious scripts or configs anywhere on the filesystem. <br>2. **System Compromise**: Overwrite critical system files or application configs. <br>3.β¦
π **Public Exploit**: **No**. <br>π« **PoCs**: The `pocs` field is empty. <br>π **Risk**: While no public PoC exists yet, the low complexity (AC:L) makes it highly susceptible to rapid weaponization by threat actors.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: <br>1. Check your PraisonAI version (`pip show praisonai`). <br>2. Look for `Action Orchestrator` usage in your workflows. <br>3.β¦