TransformerOptimus SuperAGI
cpe:2.3:a:superagi:superagi:*:*:*:*:*:*:*
- <= 0.0.14
A critical path traversal vulnerability has been identified in TransformerOptimus SuperAGI versions through 0.0.14. The issue lies in the EmailToolKit component, specifically in the download_attachment function of read_email.py, which builds the destination path from the attachment's filename argument; a manipulated filename therefore leads to unauthorized file system access.
Because the filename is not confined to the intended attachment directory, an attacker can use path traversal sequences to reach directories and files outside that scope. This could lead to overwriting critical files or executing malicious scripts, as demonstrated in the proof-of-concept exploitation.
The vulnerability can be reproduced by sending an email whose attachment filename includes path traversal sequences. Once the email is received, the SuperAGI application can be prompted to read the email and download the attachment. The application saves the attachment under the manipulated filename, following the traversal sequences through the directory tree, so the file ends up in a location outside the intended attachment directory.
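The defensive counterpart to the behaviour described above is to treat the attachment's filename as untrusted input and refuse to let it steer the destination path. The following is an added example written for this advisory; it is not SuperAGI's code, and the function names (sanitize_attachment_name, resolve_attachment_path, save_attachment, is_accepted, demo) and the sample names and payload are constructed for illustration. It applies three independent checks: reject any name that is not a single, plainly-named path component; prove with realpath that the joined path stays under the attachment directory; and open the file in exclusive-create mode so an existing file can never be overwritten.

```python
import os
import re
import tempfile

# Accept only a plain single component: starts with a letter or digit,
# then letters, digits, dot, dash or underscore, at most 255 characters.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


def sanitize_attachment_name(untrusted_name: str) -> str:
    """Validate an untrusted attachment filename as one safe path component.

    Raises ValueError rather than silently rewriting the name, so that a
    traversal attempt is visible to the caller (and can be logged)."""
    if not untrusted_name:
        raise ValueError("missing filename")
    # A NUL byte can truncate the path in lower layers; refuse outright.
    if "\x00" in untrusted_name:
        raise ValueError("NUL byte in filename")
    # Any separator means the name is trying to be more than one component
    # ('../x', '/etc/x', '..\\x'); reject both POSIX and Windows forms.
    if "/" in untrusted_name or "\\" in untrusted_name:
        raise ValueError("path separator in filename")
    # '.' and '..' are directory references, not file names, and the regex
    # below also rejects anything that starts with a dot.
    if untrusted_name in (".", "..") or not _SAFE_NAME.match(untrusted_name):
        raise ValueError("filename contains disallowed characters")
    return untrusted_name


def resolve_attachment_path(base_dir: str, untrusted_name: str) -> str:
    """Join the validated name onto base_dir and prove the result is inside it."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(
        os.path.join(base, sanitize_attachment_name(untrusted_name))
    )
    # Containment check as defence in depth: even if the name check were
    # weakened later, the resolved path must still sit below base_dir.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("attachment path escapes the download directory")
    return candidate


def save_attachment(base_dir: str, untrusted_name: str, payload: bytes) -> str:
    """Write the attachment under base_dir; never overwrite an existing file."""
    path = resolve_attachment_path(base_dir, untrusted_name)
    os.makedirs(base_dir, exist_ok=True)
    # 'x' mode raises FileExistsError instead of clobbering a file that is
    # already there, closing the "overwrite critical files" avenue.
    with open(path, "xb") as fh:
        fh.write(payload)
    return path


def is_accepted(base_dir: str, untrusted_name: str) -> bool:
    """True if the name would be accepted for saving under base_dir."""
    try:
        resolve_attachment_path(base_dir, untrusted_name)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Exercise the checks in a temporary directory with constructed inputs."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = save_attachment(d, "report.pdf", b"%PDF-1.4 constructed sample\n")
        results["saved_inside_base"] = os.path.dirname(path) == os.path.realpath(d)
        try:
            save_attachment(d, "report.pdf", b"second write")
            results["overwrite_refused"] = False
        except FileExistsError:
            results["overwrite_refused"] = True
        results["traversal_rejected"] = not is_accepted(d, "../../etc/passwd")
    return results


if __name__ == "__main__":
    for sample in ["report.pdf", "../../etc/passwd", "/tmp/x.sh", "..", "a\x00b"]:
        print(repr(sample), "accepted" if is_accepted("/tmp/attachments", sample) else "rejected")
    print(demo())
```

The name check deliberately rejects rather than strips traversal sequences: a stripped name hides the attempt, whereas a ValueError gives the email tool a clear point to log the event and skip the attachment. The realpath containment test costs one extra line and guards against future regressions in the name check, and exclusive-create mode makes the "overwrite critical files" outcome impossible regardless of where the path points.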