PromtEngineer localGPT Unrestricted File Upload Vulnerability Allowing Denial-of-Service

Vulnerability

An unrestricted file upload vulnerability has been identified in PromtEngineer localGPT in versions up to and including commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The issue resides in the 'do_POST' function of 'backend/server.py', which accepts uploaded files without authentication, file-type validation, size limits, or rate limiting. The flaw can be exploited remotely to exhaust the server's disk space, causing a denial-of-service condition that affects all users.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by exhausting server disk space, which can lead to system crashes and failing database operations. Additionally, because arbitrary files can be uploaded, the issue would become a further risk if uploaded files were ever executed or served over the web.

Reproduction

To reproduce this vulnerability, create a session in localGPT and upload large files through the 'Upload Files' feature without any authentication. This can be automated with a script that uploads multiple gigabyte-sized files, simulating a denial-of-service attack by exhausting available disk space.

Remediation

It is recommended to require authentication for file uploads, validate file types against an allow-list, impose a per-upload size limit, introduce per-client rate limiting, sanitize filenames to prevent path traversal, and enforce a storage quota for the upload directory.
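The following is an added illustration of those controls as a set of checks that an upload handler would run before reading a request body; it is not localGPT's own code, and the token scheme, limits, allowed extensions and quota values are assumptions chosen for the example.

```python
import hmac, os, re, time
from collections import defaultdict, deque
# Policy values are illustrative assumptions, not localGPT's own settings.
MAX_UPLOAD_BYTES = 50 * 1024 * 1024           # per-file size limit
STORAGE_QUOTA_BYTES = 2 * 1024 ** 3           # ceiling for the whole upload directory
ALLOWED_EXTENSIONS = {".pdf", ".txt", ".md", ".csv"}
RATE_LIMIT, RATE_WINDOW = 5, 60.0             # uploads per client per window (seconds)
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")

def check_auth(presented, expected):
    # Constant-time token comparison; the upload is refused without a valid token.
    if not presented or not hmac.compare_digest(presented, expected):
        raise ValueError("authentication required")

def sanitize_filename(name):
    # Keep only the final path component and safe characters so '../x' or 'C:\x'
    # cannot escape the upload directory; strip leading dots; enforce the allow-list.
    base = _UNSAFE.sub("_", os.path.basename(name.replace("\\", "/"))).lstrip(".")
    if not base:
        raise ValueError("empty filename after sanitisation")
    if os.path.splitext(base)[1].lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("file type not allowed")
    return base

def check_size(content_length, used_bytes):
    # Reject missing or oversized bodies before reading them, then enforce the quota.
    if not content_length or content_length <= 0 or content_length > MAX_UPLOAD_BYTES:
        raise ValueError("missing, invalid or oversized Content-Length")
    if used_bytes + content_length > STORAGE_QUOTA_BYTES:
        raise ValueError("storage quota exceeded")

class RateLimiter:
    # Sliding window of upload timestamps per client identity (e.g. source address).
    def __init__(self, limit=RATE_LIMIT, window=RATE_WINDOW):
        self.limit, self.window, self._hits = limit, window, defaultdict(deque)
    def allow(self, client, now=None):
        now = time.monotonic() if now is None else now
        q = self._hits[client]
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def validate_upload(client, token, expected, filename, content_length, used_bytes, limiter, now=None):
    # Run every check in order; return the safe on-disk name or raise ValueError.
    check_auth(token, expected)
    if not limiter.allow(client, now):
        raise ValueError("rate limit exceeded")
    safe = sanitize_filename(filename)
    check_size(content_length, used_bytes)
    return safe
```

The checks run on the request headers alone, so an oversized or unauthenticated body is rejected before a single byte is written to disk.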

Added: Mar 28, 2026, 4:18 PM
Updated: Mar 28, 2026, 4:18 PM

Vulnerability Rating

Custom Algorithm
spread          0.0
impact          2.5
exploitability  8.7
remediation     0.0
relevance       4.8
threat          6.4
urgency         2.9
incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.