PT-2026-59433 · Pypi · Openchatbi
Publicado
2026-07-13
·
Atualizado
2026-07-13
CVSS v4.0
8.7
Alta
| Vetor | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Impact
The
save report tool in openchatbi/tool/save report.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the file format parameter.The function only removes leading dots of
file format using file format.lstrip(".") but allows path traversal sequences like /../../ to pass through unchanged. When the filename is constructed via string concatenation inf"{timestamp} {clean title}.{file format}"
malicious path sequences are preserved, enabling attackers to write files outside the designated report directory.
An attacker can manipulate the LLM to call the tool with a specific
file format to overwrite critical system files like init .py, potentially leading to remote code execution.Patches
- Affected versions: <=0.2.1
- Patched versions: 0.2.2 (includes fix from PR #12: https://github.com/zhongyu09/openchatbi/pull/12)
Workarounds
No
References
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Openchatbi