Mintplex Anything-LLM Path Traversal Vulnerability Leading to Arbitrary File Write and Remote Code Execution

Vulnerability

A path traversal vulnerability has been identified in Mintplex Labs' Anything-LLM in versions prior to 1.3.1. The issue arises from improper handling of non-ASCII filenames in uploads processed by the Multer library, allowing attackers with the manager or admin role to write files to arbitrary locations on the server. The vulnerability is triggered by a crafted filename that includes '../' sequences, which Multer fails to sanitize. Because the written file can land in a location the server later executes or loads, this arbitrary file write can lead to remote code execution.

Impact

Exploitation of this vulnerability allows arbitrary file writes on the server, which can readily be turned into remote code execution. There are various methods to achieve this, such as overwriting rc.local, crontab entries, SSH keys, or the JavaScript code of Anything-LLM itself.

Reproduction

To reproduce this vulnerability, upload a file through the API endpoint that handles multipart file uploads, using a non-ASCII filename crafted so that, once normalized, it contains '../' sequences that traverse directories; Multer does not sanitize these. The upload must be authorized with a bearer token belonging to a user with the manager or admin role.

Remediation

Users are advised to update to version 1.3.1 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating (Custom Algorithm)

  spread          0.0
  impact         10.0
  exploitability  4.2
  remediation     7.7
  relevance       0.0
  threat          7.5
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.