>_
.issue.db
/highway-workflow-engine
Dashboard
Issues
Memory
Lessons
Audit Log
New Issue
Edit Issue #682
Update issue details
Title *
Description
Location: engine/rag/assistant.py:116. Issue: pickle.loads() on data from database is an RCE vector. If attacker gains DB write access, they can inject malicious pickled objects. Fix: Replace pickle with JSON+HMAC signing or use numpy.load with allow_pickle=False.
Priority
Low
Medium
High
Critical
Status
Open
In Progress
Closed
Won't Do
Due Date (YYYY-MM-DD)
Tags (comma separated)
Related Issues (IDs)
Enter IDs of issues related to this one. They will be linked as 'related'.
Update Issue
Cancel