Executive Summary

This vulnerability exists in PraisonAI versions prior to 4.5.115 in the AgentService.loadAgentFromFile method. It uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code on the server.

An attacker can exploit this by uploading a malicious agent definition file via the API endpoint, leading to remote code execution (RCE) on the server.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts as it allows an attacker to execute arbitrary JavaScript code remotely on the server hosting PraisonAI. This can lead to full compromise of the server, including unauthorized access, data theft, data manipulation, service disruption, or further attacks within the network.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, you should upgrade PraisonAI to version 4.5.115 or later, where the issue with unsafe YAML parsing has been fixed.

Avoid uploading untrusted or unauthenticated agent definition files to the API endpoint until the update is applied.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows remote code execution on the server by exploiting the parsing of malicious YAML files. Such unauthorized code execution can lead to unauthorized access, data breaches, and potential manipulation or exposure of sensitive information.

Consequently, this can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and breaches.

Failure to address this vulnerability could result in violations of these regulations due to compromised confidentiality, integrity, and availability of data.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for the upload and parsing of malicious YAML files containing dangerous tags such as !!js/function or !!js/undefined in the PraisonAI system, specifically targeting the AgentService.loadAgentFromFile method.

One way to detect exploitation attempts is to look for unusual files or API requests that include YAML payloads with these dangerous tags.

For example, you can search for files containing the !!js/function tag by running commands like:

• grep -r '!!js/function' /path/to/agent/files
• grep -r '!!js/undefined' /path/to/agent/files

Additionally, monitoring API logs for upload requests containing suspicious YAML content or unexpected commands can help detect attempts.

If you have access to the server, you can also check for artifacts of exploitation such as the presence of files created by malicious payloads, for example:

• ls -l /tmp/pwned

To prevent exploitation, ensure the PraisonAI version is updated to 4.5.115 or later, where the vulnerability is fixed by using safe YAML parsing schemas.

Useful 0 Not Useful 0