CNNVD-202506-1985 Information
CNNVD ID
CNNVD-202506-1985
Related CVE
- CNNVD Published: 2025-06-17
Description (Chinese)
Python A2A是Manoj Desai个人开发者的一个功能Python库,用于实现谷歌的A2A协议。 Python A2A 0.5.5及之前版本存在安全漏洞,该漏洞源于文件python_a2a/agent_flow/server/api.py中函数create_workflow存在路径遍历问题。
Description (English)
Python A2A is a function of Manoj Desai’s personal developer, the Python Library, for the implementation of Google’s A2A agreement. Python A2A 0.5.5 and previous versions have a security loophole, which stems from the cytron a2a/agent low/server/api.py function Create workflow has a routing problem.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
个人开发者
Published
2025-06-17
Last Modified
2026-02-24
References
https://vuldb.com/?submit.593613 https://github.com/themanojdesai/python-a2a/issues/40 https://vuldb.com/?ctiid.312642 https://github.com/themanojdesai/python-a2a/releases/tag/v0.5.6 https://github.com/themanojdesai/python-a2a/issues/40#issuecomment-2904804388 https://vuldb.com/?id.312642 https://access.redhat.com/security/cve/cve-2025-6167 https://nvd.nist.gov/vuln/detail/CVE-2025-6167
Patch
https://github.com/themanojdesai/python-a2a/tags
Share on: