{"data":{"id":"208f47df-e003-4a6b-977a-5103512a7b53","title":"GHSA-2763-cj5r-c79m: PraisonAI Vulnerable to OS Command Injection","summary":"PraisonAI has a critical vulnerability where the `execute_command` function and workflow shell execution pass user-controlled input directly to `subprocess.run()` with `shell=True`, allowing attackers to inject arbitrary shell commands through YAML workflow files, agent configurations, and LLM-generated tool calls by exploiting shell metacharacters like semicolons and pipes.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-2763-cj5r-c79m","publishedAt":"2026-04-08T21:52:10.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["PraisonAI@< 4.5.121 (fixed: 4.5.121)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["PraisonAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-04-08T21:52:10.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}