GHSA-22cj-m4wf-fv2c: PraisonAI Dynamic Context history and terminal tools read files outside configured storage via path traversal

PraisonAI’s Dynamic Context module provides filesystem-backed history and terminal-log storage. The SDK reference describes the module as providing:

• artifact storage for tool outputs, history, and terminal logs;
• history persistence with search; and
• terminal session logging.

The module also exports agent-callable tool factories:

• create_history_tools() returns history_search, history_tail, and history_get.
• create_terminal_tools() returns terminal_tail, terminal_grep, and terminal_commands.

Those tools accept run_id and agent_id arguments from the tool caller. The underlying stores join those values into filesystem paths without rejecting absolute paths or .. traversal:

history_dir = self.base_dir / run_id / "history"
return history_dir / f"{agent_id}.jsonl"

terminal_dir = self.base_dir / run_id / "terminal"
return terminal_dir / f"{agent_id}.log"

Because run_id can be an absolute path and agent_id can contain traversal, a lower-trust prompt/user that can call these tools can read .jsonl and .log files outside the configured Dynamic Context base directory.