PraisonAI Path Traversal Vulnerability in Action Orchestrator Allows Arbitrary File Write

A path traversal vulnerability has been identified in the Action Orchestrator feature of PraisonAI, prior to version 1.5.113. This vulnerability allows an attacker or a compromised agent to write to arbitrary files outside the designated workspace directory. By including relative path segments in the target path, malicious actions can overwrite sensitive system files or place executable payloads on the host. The issue arises because the application fails to properly validate that user-supplied paths remain within the confines of the workspace, enabling unauthorized file modifications.

Impact

Exploitation of this vulnerability allows for arbitrary file writing, with the potential to overwrite critical files such as `~/.ssh/authorized_keys` or `.bashrc`. This could lead to remote code execution or significant system disruption.

Reproduction

To reproduce this vulnerability, create a malicious `ActionStep` payload that includes path traversal characters in the target file path. When the Action Orchestrator applies this step, it will write to the specified traversed path, bypassing the intended workspace directory restrictions.

Remediation

Users should update to PraisonAI version 1.5.113 or later.