PraisonAI Path Traversal Vulnerability in Recipe Registry Pull Workflow Allowing Arbitrary File Write

A path traversal vulnerability allowing arbitrary file writes has been identified in PraisonAI versions prior to 1.5.113. The issue arises in the recipe registry pull process, where the application extracts .praison tar archives using tar.extractall() without validating the paths of the archive members. This oversight allows a malicious publisher to include traversal entries that can escape the designated output directory, writing files to unintended locations on the user's system. The vulnerability affects both local and HTTP registry pull paths. Notably, the checksum verification does not mitigate the risk, as the harmful traversal data is embedded in the signed bundle.

Impact

Exploitation of this vulnerability leads to unauthorized file writes outside the selected output directory, potentially overwriting important project or configuration files. This behavior disrupts normal file management and can cause significant issues in project integrity and availability.

Reproduction

To reproduce this vulnerability, publish a .praison recipe bundle containing traversal entries in the tar archive. Once the recipe is published, pull it from a local or HTTP registry. The extraction process will write the traversed files outside the chosen output directory, demonstrating the path traversal vulnerability.

Remediation

Users are advised to update PraisonAI to version 1.5.113 or later, where this vulnerability has been fixed.