Griptape AI Griptape Path Traversal Vulnerability in ComputerTool Component
Vulnerability
A path traversal vulnerability has been identified in Griptape AI's Griptape version 0.19.4, specifically within the ComputerTool component. The issue arises in the file 'griptape\tools\computer\tool.py', where the 'filename' parameter is not properly validated or sanitized. This flaw allows for directory traversal sequences to be injected, potentially leading to the overwriting of sensitive files. The vulnerability can be exploited remotely, and a public proof-of-concept is available.
Impact
Exploitation of this vulnerability allows for arbitrary file writing on the host system, with the potential to execute remote code by overwriting critical files such as '__init__.py' or shell configuration files like '~/.bashrc'.
Reproduction
The vulnerability can be reproduced by using prompt injection to manipulate the 'filename' parameter in the ComputerTool. This can be done by encoding a path traversal sequence into Base64 and injecting it into a prompt that the tool will decode and use as the filename. The injected filename can then be directed to write a file outside the intended directory, effectively exploiting the path traversal flaw.
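A containment check of the kind the 'filename' parameter lacks, as an added example: this is not Griptape's code or its fix, and the names resolve_inside, write_tool_file and UnsafeFilename are hypothetical. The check runs on the final filename string at write time, so it applies however the value was encoded upstream; the sample filenames are constructed.

```python
import tempfile
from pathlib import Path


class UnsafeFilename(ValueError):
    """Raised when a requested filename would resolve outside the work directory."""


def resolve_inside(workdir: str, filename: str) -> Path:
    """Return the absolute path for filename, or raise if it leaves workdir."""
    base = Path(workdir).resolve()
    if not filename or "\x00" in filename:
        raise UnsafeFilename("empty filename or NUL byte")
    # Treat both separators as separators so "..\\x" is caught on POSIX too.
    normalized = filename.replace("\\", "/")
    # Joining with an absolute path discards base; resolve() then collapses
    # ".." segments and follows existing symlinks, so one check covers all.
    candidate = (base / normalized).resolve()
    if candidate == base or base not in candidate.parents:
        raise UnsafeFilename(f"{filename!r} resolves outside {base}")
    return candidate


def write_tool_file(workdir: str, filename: str, content: str) -> Path:
    """Write content only after the resolved target is confirmed inside workdir."""
    target = resolve_inside(workdir, filename)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content)
    return target


def demo() -> dict:
    """Run constructed filenames through the check; True means accepted."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        for name in ["script.py", "sub/data.txt", "../__init__.py",
                     "sub/../../.bashrc", "/etc/cron.d/job", "..\\..\\x.py"]:
            try:
                write_tool_file(workdir, name, "print('hi')\n")
                results[name] = True
            except UnsafeFilename:
                results[name] = False
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{'accepted' if ok else 'rejected'}  {name}")
```

Resolving before comparing is what makes this hold: a string check for ".." alone misses absolute paths and symlinked directories inside the work directory.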
