danny-avila/librechat
cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*
- v0.7.5-rc2
A vulnerability allowing arbitrary file deletion has been identified in LibreChat version v0.7.5-rc2. This issue resides within the /api/files endpoint and is caused by inadequate input validation, which enables path traversal attacks to delete files outside the designated directory. Exploitation of this vulnerability could lead to the removal of critical system files, user data, or application resources, thereby compromising the integrity and availability of the system.
Exploitation of this vulnerability allows attackers to delete arbitrary files on the server, potentially including important system files, user data, or application resources, which could disrupt normal system operations and data integrity.
To reproduce this vulnerability, send a request to the /api/files endpoint with a crafted file path that exploits path traversal vulnerabilities. The request should include a user ID to bypass security checks and target files outside the intended directory.
Users can update to the latest version of LibreChat, where this vulnerability has been addressed.