Awesome-llm-apps Beifong AI News and Podcast Agent Path Traversal Vulnerability Allowing Arbitrary File Read

A path traversal vulnerability has been identified in the Beifong AI News and Podcast Agent backend of the awesome-llm-apps project, specifically in commit e46690f99c3f08be80a9877fab52acacf7ab8251. The vulnerability exists in the FastAPI backend, within the stream-audio endpoint of the podcast_router.py file. The issue arises because the endpoint accepts a user-controlled path parameter that is directly concatenated into a filesystem path without adequate validation or restrictions. This flaw enables an unauthenticated remote attacker to exploit the vulnerability and read arbitrary files from the server's filesystem, potentially exposing sensitive information such as configuration files and credentials.

Impact

Exploitation of this vulnerability allows for arbitrary file read access, enabling an attacker to retrieve sensitive files from the server, such as environment configuration files, API keys, credentials, database connection strings, and internal source code or logs.

Reproduction

The vulnerability can be reproduced by sending an HTTP request to the /stream-audio/{filename} endpoint with a traversal payload that includes sequences like ../ to escape the intended directory. The backend processes the filename parameter without proper sanitization, allowing access to files outside the designated audio directory. This can be done using a tool like curl, with the --path-as-is option to preserve the traversal sequences.

Remediation

To address this vulnerability, the path traversal issue can be mitigated by implementing proper path validation and normalization. A recommended fix involves using the pathlib library to resolve the requested file path and ensure it remains within the intended directory before serving the file.