stangirard/quivr Path Traversal Vulnerability Allowing Arbitrary File Uploads to S3 Buckets

A path traversal vulnerability has been identified in the latest version of stangirard/quivr. This issue allows attackers to upload files to arbitrary paths within an S3 bucket by manipulating the file path in the upload request. The vulnerability arises in the file upload functionality, where the application fails to properly validate or sanitize the file path, enabling unauthorized file placement in the S3 storage.

Impact

Exploitation of this vulnerability allows for unauthorized file uploads to specified paths in S3 buckets, potentially leading to further security issues depending on the nature of the uploaded files and their handling by the application.

Reproduction

To reproduce this vulnerability, send a POST request to the upload endpoint with a crafted file name that includes path traversal sequences, such as '../'. The file will be uploaded to the specified path in the S3 bucket. If the target directory does not exist, it will be created automatically.