@openai/agents-extensions is vulnerable to Path Traversal
59
Medium Risk
The Cloudflare sandbox provider in @openai/agents-extensions validates workspace tar archives before sending them to the remote worker during hydrateWorkspace. The archive validator does not inspect symlink member targets, so a crafted archive can include symlinks whose targets are absolute paths or use .. segments to escape the archive root. When such an archive is hydrated and extracted, those symlinks can point file reads or writes outside the intended workspace directory. The fix plumbs an allowExternalSymlinkTargets: false option through validateWorkspaceTarArchive, parses PAX linkpath, and rejects absolute or escaping symlink targets.
You are affected if you are using a version that falls within the vulnerable range and use the Cloudflare sandbox provider to hydrate workspaces from untrusted tar archives.
@openai/agents-extensions is vulnerable to Path Traversal in versions 0.9.0 - 0.9.1.
Upgrade the @openai/agents-extensions library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant