openhands-sdk is vulnerable to Exposure of Sensitive Information
38
Low Risk
The SDK serializes a plugin's source field verbatim through PluginSource, so inline credentials embedded in a plugin or extension source URL (for example https://oauth2:TOKEN@host/repo.git) are written into persisted conversation state (meta.json), the auto-generated plugins tag, the remote conversation create payload, and ordinary model dumps. Any actor able to read that persisted metadata, the tags, or the serialized output can recover the embedded credentials. The fix adds a field_serializer on the plugin source and applies redact_url_credentials(..., preserve_placeholders=True) at the serialization boundary, masking real inline credentials while preserving ${VAR} references and keeping the raw value in memory for clone and update operations.
You are affected if you are using a version that falls within the vulnerable range and configure plugin or extension sources with credentials embedded inline in the source URL.
openhands-sdk is vulnerable to Exposure of Sensitive Information in versions 1.10.0 - 1.29.3.
Upgrade the openhands-sdk library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant