@openai/agents-core is vulnerable to Path Traversal
40
Medium Risk
The sandbox module resolves LocalFile.src and LocalDir.src host paths and reads SKILL.md files during lazy local skill discovery before materializing them into a sandbox workspace. Before the fix these local sources are not constrained to the SDK process base directory, so an absolute or relative source path pointing outside that directory is materialized without restriction. An application that builds a manifest from attacker-influenced source or skill paths can therefore read host files and metadata outside the intended boundary, including by following symlinked ancestors. The fix constrains local sources to the base directory unless explicitly allowed via manifest.extraPathGrants and rejects symlink-escaping skill discovery.
You are affected if you are using a version that falls within the vulnerable range and your application materializes local sandbox sources (LocalFile/LocalDir) or local skill sources from paths influenced by untrusted input.
@openai/agents-core is vulnerable to Path Traversal in versions 0.9.0 - 0.10.1.
Upgrade the @openai/agents-core and/or the @openai/agents library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant