xlang-ai OpenAgents Path Traversal Vulnerability in File Upload Function
Vulnerability
A critical path traversal vulnerability has been identified in xlang-ai OpenAgents versions prior to ff2e46440699af1324eb25655b622c4a131265bb. The issue arises in the 'create_upload_file' function within 'backend/api/file.py', where the application fails to properly validate user input before saving uploaded files. This oversight allows files to be saved outside of the intended directory, potentially leading to unauthorized access or manipulation of files on the server.
Impact
Exploitation of this vulnerability allows for path traversal, where an attacker can manipulate file upload paths to save files in unintended locations, possibly overwriting existing files or causing other disruptions.
Reproduction
To reproduce this vulnerability, send a POST request to the '/api/upload' endpoint with a crafted 'user_id' parameter that includes path traversal sequences, such as '../'. Include a file in the 'file' parameter. The uploaded file will be saved in the backend directory instead of the intended subdirectory.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.