PraisonAI Zip Slip Vulnerability Leading to Arbitrary File Write
Vulnerability
A Zip Slip vulnerability allowing arbitrary file write has been identified in PraisonAI versions prior to 1.5.113. This issue arises in the templates installation feature, where the application extracts template archives from external sources using Python's zipfile.extractall() method. The extraction process does not properly validate whether the files within the archive remain within the designated extraction directory. As a result, a maliciously crafted ZIP file can overwrite arbitrary files on the user's filesystem, potentially leading to system corruption or full remote code execution.
Impact
Exploitation of this vulnerability allows for arbitrary file overwriting, with the potential to replace system files, user dotfiles, or application code. Such actions could cause system instability or corruption, and in some cases, could be leveraged for full remote code execution.
Reproduction
To reproduce this vulnerability, create a ZIP file containing a file with a relative path that traverses directories, such as '../../../../../tmp/zip_slip_pwned.txt'. This ZIP file can be uploaded to a GitHub repository. Once the malicious template is hosted, use the PraisonAI command-line interface to install the template from GitHub. During the installation, the application will extract the ZIP file using the vulnerable 'extractall' method, overwriting the specified file in the '/tmp/' directory on the victim's machine.
Remediation
Users should update to PraisonAI version 1.5.113 or later, where this vulnerability has been fixed.
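For code that must unpack archives from untrusted sources, the missing check described above can be written as a pre-extraction validation that refuses the whole archive if any member resolves outside the destination. This is an added example, not PraisonAI's actual patch; the names `unsafe_members`, `safe_extract`, `build_zip` and `UnsafeArchiveError` are assumptions made for illustration.

```python
import io
import os
import zipfile


class UnsafeArchiveError(Exception):
    """Raised when an archive member would land outside the target directory."""


def unsafe_members(zf, dest_dir):
    """Return the names of members whose resolved path escapes dest_dir."""
    root = os.path.realpath(dest_dir)
    bad = []
    for info in zf.infolist():
        # ZIP names use '/', but also treat '\' as a separator so that
        # Windows-style traversal is caught on every platform.
        name = info.filename.replace("\\", "/")
        target = os.path.realpath(os.path.join(root, name))
        # commonpath equals root only when target is root or lies beneath it.
        if os.path.isabs(name) or os.path.commonpath([root, target]) != root:
            bad.append(info.filename)
    return bad


def safe_extract(zip_bytes, dest_dir):
    """Extract only if every member stays inside dest_dir; otherwise write nothing."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        bad = unsafe_members(zf, dest_dir)
        if bad:
            raise UnsafeArchiveError(f"refusing to extract, unsafe members: {bad}")
        zf.extractall(dest_dir)
        return zf.namelist()


def build_zip(names):
    """Constructed sample archive, built in memory for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, "sample")
    return buf.getvalue()
```

Validating every member before writing any of them means a rejected archive leaves the destination directory untouched.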
