infiniflow ragflow
cpe:2.3:a:infiniflow:ragflow:*:*:*:*:*:*:*
- 0.23.1
A "Zip Slip" vulnerability has been identified in the RAGFlow open-source engine, specifically in version 0.23.1 and possibly earlier. This vulnerability resides within the MinerU parser, where the extraction logic for ZIP files fails to properly sanitize filenames. As a result, an attacker can craft a malicious ZIP archive that, when processed, overwrites arbitrary files on the server. This exploitation leads to remote code execution, as the overwritten files can include executable scripts or modules used by the application.
Exploitation of this vulnerability allows for arbitrary file overwriting, which can be leveraged to execute malicious code on the server. This is achieved by overwriting Python files or scripts that are imported or executed by the application, causing the injected code to run with the application's privileges.
To reproduce this vulnerability, create a ZIP file containing a Python script named with directory traversal characters, targeting a file typically found in the application structure. Serve this ZIP file to the MinerU parser, which will extract it and overwrite a critical Python file. Once the application imports the modified module or is restarted, the injected code will execute, demonstrating the remote code execution aspect of the vulnerability.
Update the ZIP extraction logic in the MinerU parser to properly validate and sanitize filenames before writing them to the file system. This can be done by canonicalizing paths to ensure they do not traverse outside the intended extraction directory.
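The remediation described above, as an added example that is not RAGFlow's own code: a Python extractor that canonicalizes each ZIP entry's destination with `os.path.realpath`, rejects any entry whose resolved path is not inside the extraction directory, and validates every entry before writing a single byte. The archive contents, the entry names and the `demo()` driver are constructed test input for this example, not material from the advisory.

```python
import io
import os
import tempfile
import zipfile


class UnsafeArchiveEntry(ValueError):
    """Raised when a ZIP entry would be written outside the extraction directory."""


def resolve_member_path(dest_dir, member_name):
    """Return the canonical on-disk path for a ZIP member, or raise UnsafeArchiveEntry.

    Rejects absolute names and drive letters up front, then canonicalizes the
    joined path (resolving '..' and any symlinks under dest_dir) and requires
    the result to be dest_dir itself or a path below it.
    """
    dest_root = os.path.realpath(dest_dir)
    normalized = member_name.replace("\\", "/")  # ZIP names may carry either separator
    if normalized.startswith("/") or os.path.splitdrive(normalized)[0]:
        raise UnsafeArchiveEntry(f"absolute path in archive: {member_name!r}")
    candidate = os.path.realpath(os.path.join(dest_root, normalized))
    if os.path.commonpath([dest_root, candidate]) != dest_root:
        raise UnsafeArchiveEntry(f"path traversal in archive: {member_name!r}")
    return candidate


def safe_extract(zip_bytes, dest_dir):
    """Extract an in-memory ZIP into dest_dir, refusing any entry that escapes it.

    All entries are validated first, so one hostile entry means nothing from
    the archive reaches the disk (no partial extraction).
    """
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        targets = [(info, resolve_member_path(dest_dir, info.filename))
                   for info in zf.infolist()]
        for info, target in targets:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def build_zip(entries):
    """Build a ZIP in memory from a {name: bytes} mapping (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo():
    """Run the guard against a benign archive and a constructed traversal archive."""
    results = {}
    with tempfile.TemporaryDirectory() as dest:
        root = os.path.realpath(dest)
        benign = build_zip({"doc/page1.md": b"# page 1\n",
                            "doc/images/fig.png": b"\x89PNG"})
        written = safe_extract(benign, dest)
        results["benign_files"] = sorted(
            os.path.relpath(p, root).replace(os.sep, "/") for p in written)

        # Constructed test case: an entry name that climbs out of the extraction
        # directory, mixed with a harmless entry to show nothing is written.
        hostile = build_zip({"../../injected_module.py": b"# never written\n",
                             "ok.txt": b"x"})
        try:
            safe_extract(hostile, dest)
            results["hostile_rejected"] = False
        except UnsafeArchiveEntry:
            results["hostile_rejected"] = True
        results["partial_write"] = os.path.exists(os.path.join(dest, "ok.txt"))
    return results


if __name__ == "__main__":
    print(demo())
```

Two points worth checking in any extractor you review: the comparison must be made on canonicalized paths on both sides (comparing raw strings lets `dest/../x` or a symlinked `dest` slip through), and validation should cover the whole archive before the first write, otherwise a hostile entry placed late in the listing still gets the earlier entries onto disk. Note that `zipfile.ZipFile.extract`/`extractall` already strip traversal components from entry names; the risk is in code that builds its own destination path from `ZipInfo.filename` and writes to it directly.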