Security Advisories for @paperclipai/server in npm
Critical
about 1 month ago
Paperclip: Cross-tenant agent API key IDOR in `/agents/:id/keys` routes allows full victim-company compromise
npm
@paperclipai/server
Moderate
about 1 month ago
Paperclip: Approval decision attribution spoofing via client-controlled `decidedByUserId` in paperclip server
npm
@paperclipai/server
Critical
about 1 month ago
Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys
npm
@paperclipai/server
Critical
about 1 month ago
Paperclip: OS Command Injection via Execution Workspace cleanupCommand
npm
@paperclipai/server
High
about 1 month ago
Paperclip: Unauthenticated Access to Multiple API Endpoints in Authenticated Mode
npm
@paperclipai/server
High
about 1 month ago
Paperclip: Malicious skills able to exfiltrate and destroy all user data
npm
@paperclipai/server
High
about 1 month ago
Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution
npm
@paperclipai/server
Critical
about 2 months ago
paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass
npm
@paperclipai/server, paperclipai