ErlichLiu Claude-Agent-SDK Path Traversal Vulnerability in Agent Teams Component

A path traversal vulnerability allowing arbitrary file read has been identified in the ErlichLiu Claude-Agent-SDK, specifically in the 04-agent-teams component, up to commit b185aa7ff0d864581257008077b4010fca1747bf. The vulnerability arises in the app/api/agent-output/route.ts file, where the outputFile parameter is manipulated, leading to unauthorized access to local files. This issue can be exploited remotely, potentially allowing attackers to read sensitive files such as configuration data, credentials, or source code.

Impact

Exploitation of this vulnerability could result in the unauthorized disclosure of local files accessible by the server process, including sensitive information like configuration files or credentials.

Reproduction

To reproduce this vulnerability, upload the affected application and send a JSON payload to the '/api/agent-output' endpoint. Include a file path that the server can read, such as '/etc/hosts'. The response will contain the requested file's contents, demonstrating the path traversal exploit.

Remediation

It is recommended to restrict the outputFile parameter to a server-controlled directory, implement authentication and authorization checks on the API endpoint, and avoid returning raw file contents unless explicitly authorized by the server.