Summary
Network-AI: EnvironmentManager.restore() backup ID path traversal copies arbitrary directories into environment data
References
Related vulnerabilities
- MEDIUM GHSA-JVCM-F35G-W78P: Network-AI: AgentRuntime sandbox path-prefix checks allow file access outside the configured base directory
- HIGH GHSA-869J-R97X-HX2G: Anki's local HTTP server does not sufficiently validate requests
- HIGH GHSA-CC8F-FCX3-GPJR: SurrealDB: Arbitrary file read via DEFINE ANALYZER mapper() filter
- MEDIUM GHSA-4XGF-CPJX-PC3J: pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size
- HIGH GHSA-F4XH-W4CJ-QXQ8: LangSmith SDK TracingMiddleware: Arbitrary server-side file read
- MEDIUM GHSA-CW6H-FFMH-X6VH: Anki: User scripts in iframes have access to the internal Anki API