@openai/agents-extensions is vulnerable to Path Traversal
40
Medium Risk
The extensions sandbox providers materialize remote local sources through the shared localSources logic, which resolves host LocalFile/LocalDir paths before copying them into a provider workspace. Before the fix these local sources are not constrained to the configured source base directory, so a source path outside that directory is materialized without restriction. An application that passes attacker-influenced local source paths into a provider manifest can read host files outside the intended boundary, including through symlinked ancestors. The fix requires paths outside the base directory to be covered by manifest.extraPathGrants and preserves symlink rejection.
You are affected if you are using a version that falls within the vulnerable range and your application materializes local sandbox sources (LocalFile/LocalDir) into a remote provider workspace from paths influenced by untrusted input.
@openai/agents-extensions is vulnerable to Path Traversal in versions 0.9.0 - 0.10.1.
Upgrade the @openai/agents-extensions library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant