@openai/agents-core is vulnerable to Improper Authorization
59
Medium Risk
The runner's function tool approval flow evaluates a tool's needsApproval callback before honoring an approval decision that is already recorded for that tool call. When needsApproval is dynamic and re-evaluates to a non-approval-required result after a human-in-the-loop pause and resume, a tool call the user previously rejected can still execute because the stored rejection is never consulted. This affects gated operations including shell, apply patch, computer use, and custom function tools. The fix checks the recorded approval or rejection first and only invokes needsApproval when no decision exists.
You are affected if you are using a version that falls within the vulnerable range and rely on human-in-the-loop tool approvals.
@openai/agents-core is vulnerable to Improper Authorization in versions 0.0.1 - 0.11.8.
Upgrade the @openai/agents-core library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant