Griptape AI Griptape Path Traversal Vulnerability in FileManagerTool

A path traversal vulnerability has been identified in Griptape AI's Griptape version 0.19.4. The issue arises in the FileManagerTool component, specifically within the functions load_files_from_disk, list_files_from_disk, save_content_to_file, and save_memory_artifacts_to_disk. The vulnerability allows for arbitrary file read, directory listing, and file writing by exploiting improper path sanitization. An attacker can inject prompts to manipulate file paths, bypassing directory restrictions and accessing or modifying files on the host system.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the host filesystem, allowing attackers to read sensitive files, write to critical system files to execute code, or disrupt system operations by modifying or deleting important files.

Reproduction

The vulnerability can be reproduced by using the Griptape agent with the FileManagerTool. After encoding a payload that includes path traversal sequences into a Base64 string, this string can be injected into a prompt. Once decoded, the Griptape agent will execute the command, resulting in the unauthorized access or modification of files.