andre/crewAI
1
0
Fork 0
mirror of https://github.com/crewAIInc/crewAI.git synced 2026-04-15 23:42:37 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity
Files
ed0da4a8315bb38a17edbe379043004bfcfd8db1
crewAI/lib
History
Devin AI ed0da4a831 fix: replace eval() with safe AST-based math evaluator in AGENTS.md template 
The Calculator tool example in the AGENTS.md template used eval() on
unsanitized LLM input, creating a remote code execution vulnerability
in every new CrewAI project.

Replace eval() with an AST-based evaluator that only supports arithmetic
operators (+, -, *, /, **) and numeric literals, preventing arbitrary
code execution while preserving calculator functionality.

Closes #5056

Co-Authored-By: João <joao@crewai.com>
2026-03-25 04:03:25 +00:00
..
crewai
fix: replace eval() with safe AST-based math evaluator in AGENTS.md template
2026-03-25 04:03:25 +00:00
crewai-files
feat: bump versions to 1.11.1 (#5030)
2026-03-23 16:22:19 -07:00
crewai-tools
feat: bump versions to 1.11.1 (#5030)
2026-03-23 16:22:19 -07:00
devtools
feat: bump versions to 1.11.1 (#5030)
2026-03-23 16:22:19 -07:00