Summary
npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call
References
Related vulnerabilities
- CRITICAL GHSA-892R-P3JQ-JP24
  PraisonAI: AgentOS remains unauthenticated after incomplete fix version and allows remote agent invocation
- CRITICAL GHSA-X8CV-XMQ7-P8XP
  PraisonAI AgentTeam.launch exposes unauthenticated remote agent listing and invocation endpoints
- CRITICAL GHSA-FQ2M-6WQH-X44G
  PraisonAI: Jobs API exposes agent-execution endpoints with no authentication
- MEDIUM GHSA-MPC8-JXJH-QPGH
  OpenClaw: Focus command could miss controlScope enforcement
- MEDIUM GHSA-72FW-CQH5-F324
  OpenClaw: memory-wiki shared search could miss session visibility checks
- HIGH GHSA-FQ4X-789W-JG5H
  AgenticMail: Unauthenticated inbound mail triggers bypassPermissions resume of the operator's Claude Code session (bridge-wake)