LibreChat Arbitrary File Write Vulnerability via Artifact Filename Traversal

A vulnerability allowing arbitrary file writes has been identified in LibreChat versions prior to 0.8.4. The issue arises because LibreChat trusts the filename provided by the 'execute_code' sandbox when saving code-generated artifacts. In deployments using the default local file strategy, a malicious filename containing traversal sequences can be crafted. This filename is then concatenated into the server-side destination path and written using 'fs.writeFileSync()' without any sanitization. As a result, any user who can trigger 'execute_code' can write arbitrary files as the LibreChat server user.

Impact

Exploitation of this vulnerability allows for arbitrary file writes on the server, overwriting or creating files in writable application directories. This could lead to persistent cross-site scripting by replacing a served HTML or JavaScript file with attacker-controlled content.

Reproduction

To reproduce this vulnerability, upload a code artifact that includes a filename with directory traversal sequences, such as '../../../../../app/client/dist/poc.txt'. Ensure that 'execute_code' is enabled and that LibreChat is configured to use the local file strategy for artifact storage. Once the file is written, it can be verified by checking the LibreChat server's response.

Remediation

Users are advised to update LibreChat to version 0.8.4 or later, where this vulnerability has been fixed.