LibreChat Log Injection Vulnerability

Vulnerability

A log injection vulnerability exists in LibreChat versions prior to 0.7.6. The issue arises in the '/code/download/:sessionId/:fileId' and '/download/:userId/:file_id' APIs, where the 'sessionId', 'fileId', 'userId', and 'file_id' path parameters are written to the application log without being validated or sanitized. Because these values are attacker-controlled, a parameter that carries line-break or other control characters can terminate the genuine log entry and append forged entries, distorting monitoring and investigation data, evading detection rules that parse the log, and complicating maintenance and operations.

Impact

An unauthenticated request is enough to write attacker-chosen text into the log. Forged entries can mislead monitoring, disrupt or misdirect an investigation, trigger or suppress security alerts that depend on log contents, and make routine maintenance and operation harder because the log can no longer be trusted as an accurate record.

Reproduction

To reproduce this vulnerability, send a request to the '/code/download/:sessionId/:fileId' or '/download/:userId/:file_id' endpoint in which the sessionId, fileId, userId, or file_id path segment contains crafted content, such as URL-encoded line breaks followed by text shaped like a legitimate log entry. Because the parameters are not validated, the crafted value is written into the application log verbatim, and the forged entry appears as a separate log line.

Remediation

Users are advised to update to LibreChat version 0.7.6 or later, where this vulnerability has been addressed. Log entries produced by the affected endpoints on earlier versions should be treated as potentially attacker-influenced during any investigation.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 0.6
exploitability: 5.9
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.