Langchain-Chatchat OpenAI-Compatible File Upload API Time-of-Check Time-of-Use Vulnerability
Vulnerability
A time-of-check time-of-use (TOCTOU) vulnerability has been identified in Langchain-Chatchat versions through 0.3.1.3. The issue is in the OpenAI-Compatible File Upload API, in the file 'libs/chatchat-server/chatchat/server/api_server/openai_routes.py', which derives the on-disk destination from the client-controlled 'file.filename' argument without checking whether that path is already in use. An upload that reuses an existing name therefore silently overwrites the earlier file. Exploitation requires access to the local network and is considered to have high complexity.
Impact
Exploitation opens a race between the point at which an uploaded file is accepted and the point at which it is consumed: a second upload with the same name replaces the first without any notice to the original uploader or to the component that later reads the file. Because uploaded images are passed on to the language model, the result is LLM input poisoning, where an attacker-controlled image is processed instead of the original upload.
Reproduction
To reproduce this vulnerability, upload a file through the OpenAI-Compatible File Upload API, then upload a second file with the same 'file.filename' on the same day. The second upload overwrites the first, and no conflict is reported to either client. The name collision can be produced manually by reusing the filename, or by using a hash collision technique to force a filename collision.
Remediation
The vulnerability can be addressed by changing the upload handling so that a destination path is never silently reused: detect conflicts before writing, and record a content hash at upload time so that later consumers can verify what they are about to process. One suggested approach is to prepend a random UUID to the filename so that two uploads never map to the same path. Note that a separate "does the file exist" check followed by a write reintroduces the race; the check and the create should be a single atomic operation (for example, opening the file with O_CREAT | O_EXCL so the kernel rejects an existing path), and the client-supplied name should be reduced to its basename before it is used in a path.
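The following is an added example, not code from Langchain-Chatchat or from the advisory. It models the storage step described in the Reproduction and Remediation sections with a minimal, hypothetical `UploadStore` class: `save_upload_vulnerable` writes to a date-based directory under the client-supplied name and so overwrites silently, while `save_upload_hardened` adds a UUID prefix, basename sanitising, an atomic exclusive create, and a SHA-256 digest that `verify_integrity` checks later. Class, function and directory names are assumptions for illustration.

```python
"""Added example (not the project's code): vulnerable vs. hardened upload storage.

UploadStore, save_upload_vulnerable, save_upload_hardened, verify_integrity and
run_demo are hypothetical names chosen for this illustration.
"""
import hashlib
import os
import tempfile
import uuid
from datetime import date
from pathlib import Path
from typing import Optional, Tuple


class UploadStore:
    def __init__(self, root: Path, today: Optional[str] = None):
        self.root = Path(root)
        # Date-based subdirectory, mirroring the "same day" condition in the advisory.
        self.day_dir = self.root / (today or date.today().isoformat())
        self.day_dir.mkdir(parents=True, exist_ok=True)

    def save_upload_vulnerable(self, filename: str, data: bytes) -> Path:
        """Vulnerable shape: destination is the client-supplied filename.

        write_bytes() opens with "wb", which truncates an existing file, so a
        second upload with the same name silently replaces the first.
        """
        target = self.day_dir / filename
        target.write_bytes(data)
        return target

    def save_upload_hardened(self, filename: str, data: bytes) -> Tuple[Path, str]:
        """Hardened shape: UUID prefix, basename only, atomic create, content hash."""
        safe_name = Path(filename).name  # drop any directory components
        if not safe_name or safe_name in {".", ".."}:
            raise ValueError("invalid filename")
        target = self.day_dir / f"{uuid.uuid4().hex}_{safe_name}"
        self._write_new_file(target, data)
        return target, hashlib.sha256(data).hexdigest()

    @staticmethod
    def _write_new_file(target: Path, data: bytes) -> None:
        """Create-and-write in one step.

        O_EXCL makes the kernel refuse an existing path, so there is no window
        between "check that it does not exist" and "create it" for a racing
        upload to slip into.  Raises FileExistsError on collision.
        """
        fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        try:
            with os.fdopen(fd, "wb") as fh:
                fh.write(data)
        except BaseException:
            target.unlink(missing_ok=True)
            raise


def verify_integrity(path: Path, expected_sha256: str) -> bool:
    """Recompute the digest before the file is handed to the model."""
    return hashlib.sha256(path.read_bytes()).hexdigest() == expected_sha256


def run_demo() -> dict:
    """Exercise both shapes in a throwaway directory with constructed inputs."""
    original = b"ORIGINAL IMAGE BYTES"   # constructed sample upload
    poisoned = b"ATTACKER IMAGE BYTES"   # constructed second upload, same name
    with tempfile.TemporaryDirectory() as tmp:
        store = UploadStore(Path(tmp), today="2024-01-01")

        # Vulnerable path: same name, same day -> silent overwrite.
        first = store.save_upload_vulnerable("diagram.png", original)
        second = store.save_upload_vulnerable("diagram.png", poisoned)
        vulnerable_overwrote = first == second and first.read_bytes() == poisoned

        # Hardened path: UUID prefix keeps the two uploads apart, and the
        # traversal-style name is reduced to its basename inside day_dir.
        p1, h1 = store.save_upload_hardened("diagram.png", original)
        p2, _ = store.save_upload_hardened("../diagram.png", poisoned)
        hardened_distinct = p1 != p2 and p1.read_bytes() == original
        hardened_contained = p2.parent == store.day_dir

        # The exclusive create rejects a path that already exists.
        try:
            UploadStore._write_new_file(p1, poisoned)
            exclusive_create_rejected = False
        except FileExistsError:
            exclusive_create_rejected = True

        # Integrity check: valid before tampering, fails after a simulated overwrite.
        intact_before = verify_integrity(p1, h1)
        p1.write_bytes(poisoned)
        intact_after = verify_integrity(p1, h1)

    return {
        "vulnerable_overwrote": vulnerable_overwrote,
        "hardened_distinct": hardened_distinct,
        "hardened_contained": hardened_contained,
        "exclusive_create_rejected": exclusive_create_rejected,
        "intact_before": intact_before,
        "intact_after": intact_after,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The UUID prefix alone already prevents two uploads from mapping to one path; the O_EXCL create is belt-and-braces for the case where names can still collide, and the recorded digest is what lets the consumer notice a file that changed between upload and use.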
