PraisonAI Path Traversal Vulnerability in Recipe CLI Unpacking Command Allows Arbitrary File Overwrite
Vulnerability
A path traversal vulnerability has been identified in PraisonAI versions prior to 4.5.128. The issue arises in the recipe command-line interface (CLI) when the 'cmd_unpack' function extracts '.praison' tar archives. The extraction process uses the 'tar.extract()' method without validating the paths of the archive members. This oversight allows a '.praison' bundle containing '../../' entries to write files outside the intended output directory. As a result, an attacker can distribute a malicious bundle that overwrites arbitrary files on the victim's filesystem when the 'praisonai recipe unpack' command is executed.
Impact
Exploitation of this vulnerability allows for arbitrary file overwriting on the victim's filesystem. The attacker can control both the path and content of the overwritten files. Depending on the files targeted, this could lead to significant disruption, such as altering shell configuration files or overwriting important project files.
Reproduction
To reproduce this vulnerability, create a malicious '.praison' bundle that includes a 'manifest.json' file and a payload file with a name containing '../../' to traverse directories. Once the bundle is created, use the 'praisonai recipe unpack' command to extract it. The extraction will overwrite the '.bashrc' file, demonstrating the path traversal vulnerability.
Remediation
Users can update to PraisonAI version 4.5.128 or later, where this vulnerability has been fixed.
