CVE-2026-5597: Path Traversal in griptape-ai 0.19.4
Plattform
python
Komponente
griptape-ai
CVE-2026-5597 represents a Path Traversal vulnerability discovered in griptape-ai version 0.19.4. This flaw resides within the ComputerTool component, specifically the file griptape\tools\computer\tool.py, and allows attackers to manipulate the 'filename' argument to access files outside the intended directory. The vulnerability is remotely exploitable, and an exploit has been publicly released, posing a significant risk. The vendor has not responded to early disclosure attempts.
So beheben
Kein offizieller Patch verfügbar. Prüfe auf Workarounds oder überwache auf Updates.
Häufig gestellte Fragen
What is CVE-2026-5597?
CVE-2026-5597 is a Path Traversal vulnerability affecting griptape-ai version 0.19.4. It allows attackers to access files outside the intended directory by manipulating the 'filename' argument in the ComputerTool component.
Am I affected?
You are potentially affected if you are using griptape-ai version 0.19.4. The vulnerability is remotely exploitable and an exploit is publicly available, so immediate action is recommended.
How do I fix it?
No official patch is currently available. Mitigation strategies may include restricting file access permissions and implementing input validation to prevent path traversal attempts.
Abhängigkeiten automatisch überwachen
Werde benachrichtigt, wenn neue Schwachstellen deine Projekte betreffen. Für immer kostenlos.
Kostenlos starten