HKUDS LightRAG Path Traversal Vulnerability in File Upload Component
Vulnerability
A critical path traversal vulnerability has been identified in HKUDS LightRAG versions through 1.3.8. The issue arises in the file upload function 'upload_to_input_dir' within 'lightrag/api/routers/document_routes.py'. The vulnerability allows attackers to manipulate the 'file.filename' argument to traverse directories, potentially uploading malicious files to unintended locations on the server.
Impact
Exploitation of this vulnerability could lead to unauthorized file uploads, allowing attackers to place malicious files in arbitrary locations on the server's filesystem.
Reproduction
The vulnerability can be reproduced by uploading a file through the LightRAG framework's file upload feature. The filename can be crafted to include directory traversal sequences, such as '../', which will be processed by the 'upload_to_input_dir' function. This bypasses the intended directory restrictions and uploads the file to a location outside the designated input directory.
Remediation
Users are advised to update to LightRAG version 1.3.9 or later, where this vulnerability has been fixed.
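To make the class of bug concrete, the two functions below contrast the naive pattern the advisory describes with a hardened version. This is an added illustration written for this page, not code from LightRAG; the input directory name and the sample filenames are constructed.

```python
from pathlib import Path


class UnsafeFilename(ValueError):
    """Raised when an upload filename would escape the input directory."""


def unsafe_upload_path(input_dir: str, filename: str) -> Path:
    # Vulnerable pattern (illustrative reconstruction, not LightRAG's code):
    # the untrusted filename is joined straight into the input directory, so
    # a name such as "../outside.txt" resolves to a location above input_dir.
    return Path(input_dir) / filename


def safe_upload_path(input_dir: str, filename: str) -> Path:
    # Hardened pattern: reject separators, special names and NUL bytes up
    # front, then verify the fully resolved target still sits directly under
    # input_dir (this also catches a pre-existing symlink of the same name).
    if not filename or filename in (".", "..") or "\x00" in filename:
        raise UnsafeFilename(f"rejected filename: {filename!r}")
    if "/" in filename or "\\" in filename:
        raise UnsafeFilename(f"directory components not allowed: {filename!r}")
    base = Path(input_dir).resolve()
    target = (base / filename).resolve()
    if target.parent != base:
        raise UnsafeFilename(f"path escapes input directory: {target}")
    return target


def escapes_input_dir(input_dir: str, filename: str) -> bool:
    # Does the naive join land outside input_dir? Used to show the defect.
    base = Path(input_dir).resolve()
    return unsafe_upload_path(input_dir, filename).resolve().parent != base


def is_rejected(input_dir: str, filename: str) -> bool:
    # True when the hardened function refuses the name.
    try:
        safe_upload_path(input_dir, filename)
    except UnsafeFilename:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample names; "uploads/inputs" is a hypothetical directory.
    for name in ("report.pdf", "../outside.txt", "sub/report.pdf"):
        print(f"{name!r}: naive escapes={escapes_input_dir('uploads/inputs', name)}"
              f" hardened rejects={is_rejected('uploads/inputs', name)}")
```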
