Summary
npm PraisonAI codeMode sandbox escape via Function constructor
References
Related vulnerabilities
- HIGH GHSA-V2WW-5RH7-2H5V
  OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
- LOW GHSA-68XW-R643-9P5W
  OpenClaw: Skill-command dispatch could skip before-tool-call hooks
- LOW GHSA-CWPP-5962-Q4F6
  OpenClaw: Exec allowlist could miss side effects from transparent command wrappers
- MEDIUM GHSA-C226-Q6FX-6J6C
  OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags
- HIGH GHSA-6JCQ-6546-QRRW
  PraisonAI SandlockSandbox falls back to unrestricted subprocess execution when Landlock is unavailable
- HIGH GHSA-5JV7-2MJM-H6QJ
  npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining