chatchat-space Langchain-Chatchat Path Traversal Vulnerability in File Upload Endpoint
Vulnerability
A critical path traversal vulnerability has been identified in chatchat-space Langchain-Chatchat versions through 0.3.1. The issue arises in the '/v1/file' endpoint, which processes POST requests. The vulnerability allows attackers to manipulate the 'file' argument to traverse directories and write arbitrary files on the server.
Impact
Exploitation of this vulnerability allows for arbitrary file writing. An attacker could upload malicious scripts that, if executed, would lead to unauthorized code execution on the server. Additionally, overwriting critical system or application files could disrupt functionality or cause system crashes.
Reproduction
To reproduce this vulnerability, initialize a Langchain-Chatchat project and start the server. Then, send a POST request to the '/v1/file' endpoint with a crafted file upload that includes directory traversal sequences. The server's response will indicate whether the traversal was successful by confirming the file upload.
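One way to confine the destination of an uploaded file on the server side, shown next to the weak pattern of joining the client-supplied name directly. This is an added example, not code from Langchain-Chatchat or from this advisory; the function names, the exception class and the sample filenames are hypothetical and constructed for illustration.

```python
import os
import tempfile
from pathlib import Path, PureWindowsPath


class UnsafeFilename(ValueError):
    """Client-supplied filename cannot be mapped inside the upload directory."""


def naive_destination(base_dir: str, client_filename: str) -> str:
    # Weak pattern: the multipart filename is trusted and joined as-is,
    # so "../" sequences walk out of base_dir.
    return os.path.normpath(os.path.join(base_dir, client_filename))


def safe_destination(base_dir: str, client_filename: str) -> Path:
    base = Path(base_dir).resolve()
    # Keep only the last path component; treat "/" and "\" both as separators.
    name = PureWindowsPath(client_filename.replace("/", "\\")).name
    if name in ("", ".", "..") or "\x00" in name:
        raise UnsafeFilename(repr(client_filename))
    dest = (base / name).resolve()
    # Defence in depth: after symlinks are resolved, dest must still be under base.
    if base not in dest.parents:
        raise UnsafeFilename(repr(client_filename))
    return dest


if __name__ == "__main__":
    upload_dir = tempfile.mkdtemp()  # stands in for the server's upload directory
    # Constructed sample filenames, as they might arrive in a multipart upload.
    for sample in ["report.pdf", "../../outside.txt", "..\\..\\x.py", ".."]:
        print("naive:", naive_destination(upload_dir, sample))
        try:
            print("safe: ", safe_destination(upload_dir, sample))
        except UnsafeFilename as exc:
            print("safe:  rejected", exc)
```

Logging each rejected or rewritten filename gives defenders a signal that traversal sequences are being sent to the upload endpoint.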
