agno is vulnerable to OS Command Injection
71
High Risk
The DaytonaTools toolkit builds shell command strings by interpolating file and directory paths directly into commands executed inside the Daytona sandbox. Methods such as run_shell_command, create_file, read_file, list_files, and delete_file pass these path values to the sandbox shell without escaping. A path containing shell metacharacters lets a caller run arbitrary commands inside the sandbox beyond the intended file operation. The fix wraps path-derived values with shlex.quote before interpolation and normalizes paths using POSIX semantics.
You are affected if you are using a version that falls within the vulnerable range and your application uses the DaytonaTools toolkit with attacker-influenced file or directory paths.
agno is vulnerable to OS Command Injection in versions 1.7.6 - 2.6.12.
Upgrade the agno library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant