SimStudioAI Sim Path Traversal Vulnerability Allowing Arbitrary File Read
Vulnerability
A critical path traversal vulnerability has been identified in SimStudioAI Sim versions through 0.1.17. The issue arises in the handleLocalFile function within apps/sim/app/api/files/parse/route.ts. The vulnerability allows unauthenticated users to manipulate the filePath parameter, escaping the intended upload directory and accessing sensitive files on the server, such as configuration files or source code. This vulnerability can be exploited remotely, leading to unauthorized file reads and potential data exposure.
Impact
Exploitation of this vulnerability allows for arbitrary file reads from the server's file system, with a risk of accessing sensitive information such as application configuration files, source code, or system files like /etc/passwd.
Reproduction
To reproduce this vulnerability, send a POST request to the /api/files/parse endpoint with a filePath parameter that includes traversal sequences (such as ..) to escape the upload directory and access restricted files. This can be done using tools like curl or Postman, after setting up the application and ensuring it is running.
Remediation
Users are advised to update to the latest version of SimStudioAI Sim, where this vulnerability has been patched.
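For deployments that handle a client-supplied filePath in their own code, the containment check below illustrates the class of fix. It is an added example, not SimStudioAI's patch or code from the project. UPLOAD_ROOT, resolveUploadPath, classify and the sample inputs are hypothetical and constructed for illustration.

```javascript
// Added example, not SimStudioAI code. All names here are hypothetical.
const UPLOAD_ROOT = "/srv/app/uploads"; // assumed upload directory

// Resolve a client-supplied filePath against the upload root and refuse
// anything that would land outside it. Throws on rejection.
function resolveUploadPath(filePath, root = UPLOAD_ROOT) {
  if (typeof filePath !== "string" || filePath.length === 0) {
    throw new Error("filePath must be a non-empty string");
  }
  if (filePath.includes("\0")) {
    throw new Error("NUL byte in filePath");
  }
  // Treat backslashes as separators so "..\..\x" is judged like "../../x".
  const unified = filePath.replace(/\\/g, "/");
  if (unified.startsWith("/") || /^[A-Za-z]:/.test(unified)) {
    throw new Error("absolute paths are not accepted");
  }
  // Resolve "." and ".." segment by segment; popping past the root is an escape.
  const stack = [];
  for (const segment of unified.split("/")) {
    if (segment === "" || segment === ".") continue;
    if (segment === "..") {
      if (stack.length === 0) throw new Error("path escapes upload directory");
      stack.pop();
    } else {
      stack.push(segment);
    }
  }
  if (stack.length === 0) throw new Error("filePath does not name a file");
  return root.replace(/\/+$/, "") + "/" + stack.join("/");
}

// Constructed sample inputs: two legitimate names, four that must be refused.
const SAMPLES = ["report.pdf", "2024/q1/../q2/data.csv", "../../etc/passwd",
  "docs/../../.env", "/etc/passwd", "..\\..\\app\\config.ts"];

// Run every sample through the check and record the outcome.
function classify(samples = SAMPLES) {
  return samples.map((p) => {
    try { return { input: p, ok: true, path: resolveUploadPath(p) }; }
    catch (e) { return { input: p, ok: false, reason: e.message }; }
  });
}

console.log(classify());
```

This check is lexical only; a symlink placed inside the upload directory still needs a real-path comparison on disk before the file is opened.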
